Home > Industry News > JIRA exposes corporate data of Google, Yahoo and NASA

JIRA exposes corporate data of Google, Yahoo and NASA

06.08.2019

NASA, Yahoo, Google, Zendesk, Informatica, 1password, Lenovo, and some government institutions got their data open to public.

Information about employees of well-known organisations was disclosed due to a misconfiguration in JIRA which was reported by Avinash Jain, a Lead Infrastructure Security Engineer at Grofers.

When you set visibility to “Everyone” by default, JIRA makes data available to public – not just to every user in an organisation. When you pick a user it provides you with a name and an email of a person. There is an authorisation misconfiguration in JIRA’s Global Permissions settings.

If a violator has an access to the link, all the information, including roles, projects, and JIRA dashboards details are in front of an attacker.

Some recommendations have followed advising to go to settings, click on the System, opt for General Configuration and remove a tick from “Allow users to share dashboards and filters with the public.”

Settings configurations should be monitored, and a special software assists you with control of changes made in configurations, and evaluates whether settings conform to corporate rules and general regulations.

SearchInform DLP

SearchInform Risk Monitor

Cloud solutions

SearchInform ProfileCenter

SearchInform FileAuditor

SearchInform SIEM

TimeInformer

Services

SearchInform for MSSP

How to max out SearchInform services

Challenges

Roles

Industries

Saudi Arabian Monetary Authority

GDPR compliance with SearchInform

Personal Data Protection Bill

White Papers

Third-party integration

Research

How to

Practices and use cases

Videos

JIRA exposes corporate data of Google, Yahoo and NASA