En
En
Products
SearchInform DLP
SearchInform Risk Monitor
SearchInform ProfileCenter
SearchInform FileAuditor
Data protection and classification
Access rights audit
User activity audit, investigation
Compliance
Use case: access control and change management
Use case: user behavior and insider detection
Use case: eDiscovery
Use case: file cleanup
SearchInform SIEM
TimeInformer
Cloud solutions
Third-party integration
Services
Services
SearchInform for MSSP
How to max out SearchInform services
Compliance
Saudi Arabian Monetary Authority
GDPR compliance with SearchInform
Personal Data Protection Bill
Resources
White Papers
Research
How to
Practices and use cases
Videos
Partners
Become a Partner
Partner login
Contact us
Products
SearchInform DLP
SearchInform Risk Monitor
SearchInform ProfileCenter
SearchInform FileAuditor
SearchInform SIEM
TimeInformer
Cloud solutions
Third-party integration
Services
Services
SearchInform for MSSP
How to max out SearchInform services
Compliance
Saudi Arabian Monetary Authority
GDPR compliance with SearchInform
Personal Data Protection Bill
Resources
White Papers
Research
How to
Practices and use cases
Videos
Partners
Become a Partner
Partner login
Contact Us
Book a return call
HomeBlogJIRA exposes corporate data of Google, Yahoo and NASA
BACK TO BLOG LIST
JIRA exposes corporate data of Google, Yahoo and NASA
06.08.2019

NASA, Yahoo, Google, Zendesk, Informatica, 1password, Lenovo, and some government institutions got their data open to public.

Information about employees of well-known organisations was disclosed due to a misconfiguration in JIRA which was reported by Avinash Jain, a Lead Infrastructure Security Engineer at Grofers.

When you set visibility to “Everyone” by default, JIRA makes data available to public – not just to every user in an organisation. When you pick a user it provides you with a name and an email of a person. There is an authorisation misconfiguration in JIRA’s Global Permissions settings.

If a violator has an access to the link, all the information, including roles, projects, and JIRA dashboards details are in front of an attacker.

Some recommendations have followed advising to go to settings, click on the System, opt for General Configuration and remove a tick from “Allow users to share dashboards and filters with the public.”

Settings configurations should be monitored, and a special software assists you with control of changes made in configurations, and evaluates whether settings conform to corporate rules and general regulations.
BACK TO BLOG LIST
Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.
Products and Services
FileAuditor
DLP
Risk Monitor
ProfileCenter
SIEM
MSSP
Cloud Deployment
Company
Contact
About Our Company
Company Portfolio
Our Clients
Press About Us
Press Kit
Resources
White Papers
Third-party integration
Research
Practices and use cases
Videos
News
Company News
Product News
Events
Blog
Challenges
Compliance
Data Loss Prevention
Investigation
Data at Rest Discovery
Data Encryption
Data Visibility
Data Classification and Protection
Data at Rest Discovery
Time Tracking and Employee
Monitoring
Corporate Fraud Mitigation
Roles
C-level executive
Risk manager
Internal audit officer
Compliance manager
Information security analyst
Chief Human Resources Officer
Industries
Business Services
Education
Financial Services
Government
Insurance
Manufacturing
Healthcare
Retail
Energy
Hospitality
Construction
Partners
Become a partner
Partner login
SearchInform products are recognized by
Gartner The Radicati Group
Follow us:
© 2024 SearchInform LTD All rights reserved.
Terms of Use
Licence
Privacy&Cookies