exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Infosysta Jira 1.6.13_J8 Push Notification Authentication Bypass

Infosysta Jira 1.6.13_J8 Push Notification Authentication Bypass
Posted Oct 28, 2019
Authored by Erik Steltzner, Sascha Heider, Fabian Krone | Site syss.de

Infosysta Jira version 1.6.13_J8 suffers from an authentication bypass vulnerability that allows you to see push notifications for a given user.

tags | exploit, bypass
advisories | CVE-2019-16906
SHA-256 | 01fd0ed65d6bb484afc3a2b833eae1e73bda43947aa08a133d177919fadef778

Infosysta Jira 1.6.13_J8 Push Notification Authentication Bypass

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2019-041
Product: In-App & Desktop Notification for Jira
Manufacturer: Infosysta
Affected Version(s): 1.6.13_J8
Tested Version(s): 1.6.13_J8
Vulnerability Type: Authentication/Authorization Bypass
Risk Level: High
Solution Status: Closed
Manufacturer Notification: 2019-09-24
Solution Date: 2019-10-01
Public Disclosure: 2019-10-23
CVE Reference: CVE-2019-16906
Author of Advisory:
Erik Steltzner, SySS GmbH
Fabian Krone, SySS GmbH
Sascha Heider, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

In-App & Desktop Notification for Jira is a Plug-in that displays email notification
from Jira directly within the application.

The manufacturer describes the product as follows (see [1]):

"In-app & Desktop Notifications for Jira app allows you to get all of Jira's
email notifications in front of you. Now you won't have to search through all
your emails to check for a specific event in Jira, but all what you need to do
is to check the notification section in Jira and see all events that happened
in Jira and are related to you.
You will also receive instant Desktop notifications as well as you will be able
to add comments to the tickets directly from the notification."

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

With a Jira user name, the corresponding notifications can be read without authentication/authorization.
This notification is then no longer displayed to the normal user.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

Using the following path it is possible to see notifications for a specific user:
/plugins/servlet/nfj/PushNotification?username=<userName>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

Before delivering a reply, it should be checked whether a
request has the necessary authorization.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2019-09-10: Vulnerability discovered
2019-09-24: Vulnerability reported to manufacturer
2019-10-01: Patch released by manufacturer
2019-10-23: Public disclosure of vulnerability

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for In-App & Desktop Notification for Jira
https://marketplace.atlassian.com/apps/1217434/in-app-desktop-notifications-for-jira
[2] SySS Security Advisory SYSS-2019-041
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-041.txt
[3] SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Erik Steltzner, Fabian Krone
and Sascha Heider of SySS GmbH.

E-Mail: erik.steltzner@syss.de
Public Key: ://www.syss.de/fileadmin/dokumente/PGPKeys/Erik_Steltzner.asc
Key ID: 0x4C7979CE53163268
Key Fingerprint: 6538 8216 555B FBE7 1E01 7FBD 4C79 79CE 5316 3268

E-Mail: fabian.krone@syss.de
Public Key: ://www.syss.de/fileadmin/dokumente/PGPKeys/Fabian_Krone.asc
Key ID: 0xBFDF30ABD10EA0F4
Key Fingerprint: 0ADE D2AA AE27 7DDA A8F0 C051 BFDF 30AB D10E A0F4

E-Mail: sascha.heider@syss.de
Public Key: ://www.syss.de/fileadmin/dokumente/PGPKeys/Sascha_Heider.asc
Key ID: 0x06C4F8D7FCE9AF94
Key Fingerprint: F99E 89B8 EF77 C34F 6F9F 0E19 06C4 F8D7 FCE9 AF94

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: https://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZTiCFlVb++ceAX+9THl5zlMWMmgFAl2wTx4ACgkQTHl5zlMW
MmiiOg/+JCucgzsU1KS7J3jAcn6l3xYinHyLh7jxxdlrB/6NuepeigjFJH2LjG8g
QlBx9XDCMgr68K8VI54oOLF2OFPrnSHeF/zAIrtj6QrKq/g2V72OvRIJoHmIcDCP
zmrQzXmU9b2Z+kXW6nqOfObbIVVMDoLBPJ+d99VeYPz0hFlUB2wdk87PTB7GY621
OuI6UljIJAO6HYOleSvpUYiFtQwk02U2GAzJnz8YADdGt0iE34L2+rRvmJ6u6RB1
irmMBRwctAw+79DPPZSA3lx1BajyrfYizFRNntR1UFd62/NdsDwKA1QNidK8JTRb
+/XvyjmQl+ln/sFGelhZyXEBZQSmEUG+YdtvekXWqMMhD9UoEow1sGgYOQdSAHUQ
eov7+cn6NEdzloeSAvIbx8Ho4ZzLU8rP5+ucsvzJyk4sdr5RbMT6++xHDhTCTM9k
5njp5tiUZYOI1ebGgci3QMtixU9FtoQHccaqSCwVq5RYQuJ2xOpW1Z+UPrFlflNq
Mo2yLeYw1iCBskRoMFdWiWwsQOK7riV5NUam18sbwx1ua97Kgsf9rz+V3hJz1qGF
ifpGmxF5xOfhanLQZ37rgAVGvuBOky85+7BFJh+rqKymp0n/mopguxDg6mnzavwg
wknXNv1cFlgdsUUwTSpZjTnJ+fO7npEzTdfeSFVEk1HjiaJlQ94=
=Yt7r
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close