NASA and Google data leaked from misconfigured Jira servers

Several misconfigured Jira servers have leaked information about internal projects and their users at Google, NASA, Yahoo and other organizations, according to a report from Bleeping Computer.

Jira, the popular project management software developed by Atlassian, is used by Fortune 500 companies to track the progress of projects and issues.

The latest revelation, however, shows that anyone with a good knowledge of Jira's advanced search can retrieve sensitive information from misconfigured Jira servers.

The leaked data includes the names, roles and email addresses of employees involved in an organization's projects, along with the current status and progress of those projects.

Misconfigured Jira servers

The leak is caused by a setting on Jira servers that controls the visibility of filters and dashboards.

Avinash Jain, the security engineer who discovered the leak, found that whenever a new filter or dashboard is created in Jira Cloud, its default visibility is set to "Everyone". Although the "Everyone" option reads as if it meant everyone in the organization, it actually means everyone on the internet.

Visibility problems

Jira Cloud also allows projects to be configured for anonymous access, meaning that no login is required to view them.

In addition, there is a sharing option for filters and dashboards called "Public", which comes with the following disclaimer:

"If a filter or dashboard is shared publicly, the name of the filter or dashboard will be visible to anonymous users."

A further problem is a setting in the Global Permissions menu, where an administrator can select the "Anyone" option, which grants access to anonymous users as well.

For systems reachable from the public Internet this option is not recommended, because Jira's user picker feature would then let an unauthenticated user retrieve a "complete list of usernames and email addresses" from the server.
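The practical check that follows from the three settings above (public filters and dashboards, anonymous project access, and "Anyone" on the user-browsing global permission) is simply to ask the server what it will hand to a client that is not logged in. The script below is an added example written for this article, not code from SecNews, Avinash Jain or Atlassian. It assumes the standard Jira REST API v2 paths listed in CHECKS and a fetch(url) callable that returns (HTTP status, parsed JSON); the default fetch uses urllib with no credentials, so what it sees is exactly what "everyone on the internet" sees. The hostname jira.test and the sample responses in SAMPLE_OPEN are constructed for offline use and are not real data.

```python
"""Anonymous-exposure check for a Jira instance (illustrative, added example).

Assumes Jira REST API v2 endpoints; a 401/403 or an empty result means the
probe is closed, any positive count means data is reachable without a login.
"""
import json
import sys
import urllib.error
import urllib.request

# Unauthenticated probes. Each only returns data when one of the settings the
# article describes is in effect. The second tuple element names the list in
# the JSON body that holds the results (None = the body itself is a list).
CHECKS = {
    "dashboards": ("/rest/api/2/dashboard", "dashboards"),
    "filters": ("/rest/api/2/filter/search", "values"),
    "projects": ("/rest/api/2/project", None),
    "issues": ("/rest/api/2/search?jql=order+by+created+desc&maxResults=5", "issues"),
    "users": ("/rest/api/2/user/search?username=.&maxResults=50", None),
}


def anonymous_fetch(url, timeout=10):
    """GET url with no cookies or auth header; return (status, JSON or None)."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None


def _items(body, key):
    """Pull the result list out of a response body, tolerating odd shapes."""
    if body is None:
        return []
    items = body if key is None else body.get(key, [])
    return items if isinstance(items, list) else []


def audit_anonymous_exposure(base_url, fetch=anonymous_fetch):
    """Return {check name: number of objects visible without logging in}."""
    base = base_url.rstrip("/")
    findings = {}
    for name, (path, key) in CHECKS.items():
        status, body = fetch(base + path)
        findings[name] = len(_items(body, key)) if status == 200 else 0
    return findings


def exposed_emails(base_url, fetch=anonymous_fetch):
    """Email addresses the user search hands out to an anonymous caller."""
    path, key = CHECKS["users"]
    status, body = fetch(base_url.rstrip("/") + path)
    users = _items(body, key) if status == 200 else []
    return sorted(u["emailAddress"] for u in users if u.get("emailAddress"))


# Constructed sample responses (hypothetical host, not real data) so the
# script runs offline and shows what an exposed instance looks like.
_T = "https://jira.test"
SAMPLE_OPEN = {
    _T + CHECKS["dashboards"][0]: (200, {"dashboards": [{"id": "10000", "name": "System Dashboard"}]}),
    _T + CHECKS["filters"][0]: (200, {"values": [{"id": "10100", "name": "Roadmap Q3 (internal)"}]}),
    _T + CHECKS["projects"][0]: (200, [{"key": "INT", "name": "Internal platform"}]),
    _T + CHECKS["issues"][0]: (200, {"issues": [{"key": "INT-41"}, {"key": "INT-40"}]}),
    _T + CHECKS["users"][0]: (200, [
        {"name": "jdoe", "displayName": "J. Doe", "emailAddress": "jdoe@example.test"},
        {"name": "asmith", "displayName": "A. Smith", "emailAddress": "asmith@example.test"},
    ]),
}


def fake_fetch(responses):
    """Build a fetch() that answers from a dict; unknown URLs look locked down."""
    return lambda url: responses.get(url, (401, None))


if __name__ == "__main__":
    # Pass a real base URL to probe a live server; without one, use the sample.
    if len(sys.argv) > 1:
        target, fetch = sys.argv[1], anonymous_fetch
    else:
        target, fetch = _T, fake_fetch(SAMPLE_OPEN)
    for check, n in audit_anonymous_exposure(target, fetch).items():
        print(f"{check:10s} {'EXPOSED' if n else 'closed':8s} ({n} visible)")
    for email in exposed_emails(target, fetch):
        print("  email:", email)
```

Run it with no arguments to see the constructed exposed case, or with your own Jira base URL (and written permission) to audit a live instance; a correctly configured server returns 401/403 or empty lists on every probe.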

Bleeping Computer found several government domains, along with those of private companies and educational institutions, exposing information through this setting.

Depending on the organization and the value of the information, this exposure could be used for targeted attacks or corporate espionage.

The author permits copying of this text only if the source (SecNews.gr) is credited with a live link (URL) to the article.
