NASA, Yahoo, Google, Zendesk, Informatica, 1Password, Lenovo, and some government institutions had their data exposed to the public.
Information about employees of well-known organisations was disclosed because of a misconfiguration in JIRA, which was reported by Avinash Jain, a Lead Infrastructure Security Engineer at Grofers.
When visibility is set to “Everyone” by default, JIRA makes the data available to the public, not just to every user in the organisation. When you pick a user, it returns that person's name and email address. The underlying issue is an authorisation misconfiguration in JIRA’s Global Permissions settings.
Anyone who has the link can see all of this information, including roles, projects, and JIRA dashboard details.
The recommendations that followed advise going to Settings, clicking System, opening General Configuration and unticking “Allow users to share dashboards and filters with the public.”
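Before turning the setting off, an administrator may want to know which filters and dashboards are already shared publicly. The following audit sketch is an added example, not code from the original report or from Atlassian; it assumes a JSON export of your own instance's filters and dashboards in which each item carries a `sharePermissions` list and the share type `global` corresponds to “Everyone”. The sample data, the `kind` field and the function names are constructed for illustration.

```python
import json

# Constructed sample export; the object shape (a "sharePermissions" list with
# a "type" field) follows Jira's REST representation of filters and dashboards.
# The "kind" field is added by this hypothetical export, not by Jira.
SAMPLE_EXPORT = json.loads("""[
  {"kind": "filter", "id": "10001", "name": "Open bugs",
   "owner": "alice@example.com", "sharePermissions": [{"type": "global"}]},
  {"kind": "dashboard", "id": "10100", "name": "Ops overview",
   "owner": "bob@example.com", "sharePermissions": [{"type": "loggedin"}]},
  {"kind": "filter", "id": "10002", "name": "Payroll tickets",
   "owner": "carol@example.com",
   "sharePermissions": [{"type": "project"}, {"type": "global"}]},
  {"kind": "dashboard", "id": "10101", "name": "Private board",
   "owner": "dave@example.com", "sharePermissions": []}
]""")

PUBLIC_TYPE = "global"                        # assumed: visible without logging in
LOGGED_IN_TYPES = {"loggedin", "authenticated"}
SEVERITY = {"public": 0, "logged-in": 1, "restricted": 2, "private": 3}


def exposure(item):
    """Return the widest audience that any share permission on the item grants."""
    types = {p.get("type") for p in item.get("sharePermissions") or []}
    if PUBLIC_TYPE in types:
        return "public"
    if types & LOGGED_IN_TYPES:
        return "logged-in"
    return "restricted" if types else "private"


def audit(items):
    """Classify every item and sort the widest exposure first."""
    rows = [(exposure(i), i["kind"], i["id"], i["name"], i["owner"]) for i in items]
    return sorted(rows, key=lambda r: (SEVERITY[r[0]], r[1], r[2]))


def public_items(items):
    """Items that an anonymous visitor holding the link could open."""
    return [r for r in audit(items) if r[0] == "public"]


if __name__ == "__main__":
    for level, kind, item_id, name, owner in audit(SAMPLE_EXPORT):
        print(f"{level:10} {kind:9} {item_id:6} {name:16} owner={owner}")
```

An item with several share permissions is rated by its widest one, so a filter shared with a single project and also with “Everyone” is still reported as public.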