what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Infosysta Jira 1.6.13_J8 User Name Disclosure

Infosysta Jira 1.6.13_J8 User Name Disclosure
Posted Oct 28, 2019
Authored by Erik Steltzner, Sascha Heider, Fabian Krone | Site syss.de

Infosysta Jira version 1.6.13_J8 suffers from a user name disclosure vulnerability.

tags | exploit
advisories | CVE-2019-16907
SHA-256 | 506fa47855ab00052d2c3b374f021b09caf1e85be4e4a010161eed8775c5f5b8

Infosysta Jira 1.6.13_J8 User Name Disclosure

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2019-043
Product: In-App & Desktop Notification for Jira
Manufacturer: Infosysta
Affected Version(s): 1.6.13_J8
Tested Version(s): 1.6.13_J8
Vulnerability Type: Authentication/Authorization Bypass
Risk Level: Medium
Solution Status: Closed
Manufacturer Notification: 2019-09-24
Solution Date: 2019-10-01
Public Disclosure: 2019-10-23
CVE Reference: CVE-2019-16907
Author of Advisory:
Erik Steltzner, SySS GmbH
Fabian Krone, SySS GmbH
Sascha Heider, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

In-App & Desktop Notification for Jira is a Plug-in that displays email notification
from Jira directly within the application.

The manufacturer describes the product as follows (see [1]):

"In-app & Desktop Notifications for Jira app allows you to get all of Jira's
email notifications in front of you. Now you won't have to search through all
your emails to check for a specific event in Jira, but all what you need to do
is to check the notification section in Jira and see all events that happened
in Jira and are related to you.
You will also receive instant Desktop notifications as well as you will be able
to add comments to the tickets directly from the notification."

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

It is possible to read out all user names within Jira without authentication/authorization.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

Using the following path it is possible to list all existing user names:
/plugins/servlet/nfj/UserFilter?searchQuery=@

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

Before delivering a reply, it should be checked whether a
request has the necessary authorization.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2019-09-10: Vulnerability discovered
2019-09-24: Vulnerability reported to manufacturer
2019-10-01: Patch released by manufacturer
2019-10-23: Public disclosure of vulnerability

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for In-App & Desktop Notification for Jira
https://marketplace.atlassian.com/apps/1217434/in-app-desktop-notifications-for-jira
[2] SySS Security Advisory SYSS-2019-043
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-043.txt
[3] SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Erik Steltzner, Fabian Krone and Sascha Heider
of SySS GmbH.

E-Mail: erik.steltzner@syss.de
Public Key: ://www.syss.de/fileadmin/dokumente/PGPKeys/Erik_Steltzner.asc
Key ID: 0x4C7979CE53163268
Key Fingerprint: 6538 8216 555B FBE7 1E01 7FBD 4C79 79CE 5316 3268

E-Mail: fabian.krone@syss.de
Public Key: ://www.syss.de/fileadmin/dokumente/PGPKeys/Fabian_Krone.asc
Key ID: 0xBFDF30ABD10EA0F4
Key Fingerprint: 0ADE D2AA AE27 7DDA A8F0 C051 BFDF 30AB D10E A0F4

E-Mail: sascha.heider@syss.de
Public Key: ://www.syss.de/fileadmin/dokumente/PGPKeys/Sascha_Heider.asc
Key ID: 0x06C4F8D7FCE9AF94
Key Fingerprint: F99E 89B8 EF77 C34F 6F9F 0E19 06C4 F8D7 FCE9 AF94

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: https://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZTiCFlVb++ceAX+9THl5zlMWMmgFAl2wTyYACgkQTHl5zlMW
MmhNtg/+NAuoLbSdHSow25HiVL4eFstwd2Bnh4CWGba2/E0YNZ3DzD8/6cSCzr9s
5pOU9fTz3lyZHWh7r2Jg8IutTaPk3AHC6qHx8hvACqhqnpHhfejCHtqc6ROK2VRT
1vGCp3j7EqDN52e7lQZaDmNxAnhNu7CeCIKHIdzKnEkg4owlEI5JYwzwF8YogTqF
keiQjd/eVw9o2NFjy+b1+q2/UuAeuRZ1Rd/YZ8RyvLuG/lsT2oOCdikXnWN/AIDm
q8rQe8uiVoA9fjixsNWHCW6PcnwPtMwu3K/pFLmzh7n482J/VIzjBfngnnRgrHCG
/UvwUGG/UgXxiWUKbEoVrA3TeOfTybOWQ3+SHKyZdUBUmoIJBzZq5CdJRJMpne5U
0iY1qbFwZL5XVIhgfN16W3OOMp4cUk3mbT9OWTRg2S13pZpllONjM4E5+cIGpjwX
gTH7FzEVT8ywLEWN+m1ISA4LDCK9mXS+LM8s/RLLRcDibBaUdqCyb8UTxnVcaFtk
syO+dTMtIJNymvM+hpkRadMuKxaL5Rm7SOfjrpA7aQORlwFxM2NGrmNQcos7jUQL
Z2M8sinSq/Ht+SPbIwnxzE+z1Ve6xFBNgnT1PWu5MPOOCkM6Qo9f22EhVjTVS6Td
/BTiVKZPEG58O5oN8Oq8r3w6LX2i9wmUBAqAyGBFCMkQ5JLKA/U=
=mNrG
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close