Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 01/11/2019 Updated: 21/07/2021

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Subscribe to In-app \& Desktop Notifications

An issue exists in the Infosysta "In-App & Desktop Notifications" app prior to 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI.

Vulnerable Product	Search on Vulmon	Subscribe to Product
infosysta in-app \\& desktop notifications

Infosysta Jira version 1613_J8 suffers from an authentication bypass vulnerability that allows you to see project lists ...

CWE-862 https://marketplace.atlassian.com/apps/1217434/in-app-desktop-notifications-for-jira http://packetstormsecurity.com/files/154992/Infosysta-Jira-1.6.13_J8-Project-List-Authentication-Bypass.html https://nvd.nist.gov https://packetstormsecurity.com/files/154992/Infosysta-Jira-1.6.13_J8-Project-List-Authentication-Bypass.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-16909

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect