Published: 01/11/2019 Updated: 04/11/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

An issue exists in the Infosysta "In-App & Desktop Notifications" app prior to 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI.

Vulnerability Trend

Mailing Lists

Infosysta Jira version 1613_J8 suffers from an authentication bypass vulnerability that allows you to see project lists ...
CVE-2019-16906 CVE-2019-16907 CVE-2019-16908 CVE-2019-16909 wwwsyssde/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-041txt wwwsyssde/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-042txt wwwsyssde/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-043txt ...