Wednesday, June 3, 06:53

NASA and Google data leaked from troubled Jira servers


Several misconfigured Jira servers have leaked information about internal projects and their users at Google, NASA, Yahoo and other organizations, according to a report from Bleeping Computer.

Jira, the popular project management software developed by Atlassian, is used by Fortune 500 companies to track the progress of projects and issues.

The latest finding shows that anyone with a working knowledge of Jira's advanced search can pull sensitive information from misconfigured Jira servers.

The leaked data includes the names, roles and email addresses of employees involved in an organization's projects, along with the current status and progress of those projects.

Misconfigured Jira servers

The leak was caused by a setting on Jira servers that controls the visibility of filters and dashboards.

Avinash Jain, the security engineer who discovered the leak, found that whenever a new filter or dashboard was created in Jira Cloud, its default visibility was set to "Everyone". Users read "Everyone" as "everyone in the organization", but it actually means everyone on the internet.

Visibility problems

Jira Cloud also has a setting that allows projects to be created with anonymous access, meaning that a user does not need to log in to view them.

There is a sharing option for filters and dashboards called "Public" that comes with a disclaimer:

"If a filter or dashboard is shared publicly, the name of the filter or dashboard will be visible to anonymous users."

A further problem is a setting in the Global Permissions menu, where the administrator can select the "Any" option to grant anonymous users access.

For systems reachable from the public Internet this option is not recommended, because Jira has a user picker feature that lets an unauthenticated user retrieve a "complete list of usernames and email addresses" from the server.
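The two exposures described above (filters or dashboards shared with the public "Everyone" scope, and a user picker that answers anonymous requests) can both be audited from the JSON that Jira's REST API returns. The following script is an added example written for this page, not code from the article, from Bleeping Computer or from Atlassian. It assumes the `sharePermissions` structure of `GET /rest/api/2/filter/search?expand=sharePermissions` (where type `global` is the public share and `loggedin`/`authenticated` is the logged-in-users share that people mistake "Everyone" for) and the `users` array of `GET /rest/api/2/user/picker?query=`. The sample responses are constructed for the demonstration; the names, IDs and addresses in them are invented.

```python
"""Audit Jira REST responses for public filter shares and user-picker leakage.

Added example for this page (not Atlassian's or the article's code). The
response shapes below are assumptions about the Jira REST API; feed the
functions real JSON captured with an unauthenticated request to verify.
"""
import json
import re

# Values of sharePermissions[].type. "global" is the public/"Everyone" share
# that anonymous visitors can read; the other two require a logged-in user.
PUBLIC_SHARE_TYPES = {"global"}
LOGGED_IN_SHARE_TYPES = {"loggedin", "authenticated"}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")

# Constructed sample of /rest/api/2/filter/search?expand=sharePermissions
SAMPLE_FILTER_SEARCH = {
    "values": [
        {"id": "10100", "name": "Open incidents",
         "jql": "project = SEC AND status != Done",
         "sharePermissions": [{"id": 1, "type": "global"}]},
        {"id": "10101", "name": "My sprint",
         "jql": "assignee = currentUser()",
         "sharePermissions": [{"id": 2, "type": "loggedin"}]},
        {"id": "10102", "name": "Team board", "jql": "project = OPS",
         "sharePermissions": [{"id": 3, "type": "project",
                               "project": {"id": "10000", "key": "OPS"}}]},
        {"id": "10103", "name": "Scratch", "jql": "reporter = currentUser()",
         "sharePermissions": []},
    ]
}

# Constructed sample of /rest/api/2/user/picker?query=  (anonymous request)
SAMPLE_USER_PICKER = {
    "users": [
        {"name": "jdoe", "key": "jdoe", "displayName": "Jane Doe",
         "html": "Jane Doe - jdoe@example.com (jdoe)"},
        {"name": "rroe", "key": "rroe", "displayName": "Richard Roe",
         "html": "Richard Roe (rroe)"},
    ],
    "total": 2,
    "header": "Showing 2 of 2 matching users",
}


def classify_share(item):
    """Return 'public', 'logged-in', 'restricted' or 'private' for one
    filter/dashboard object carrying a sharePermissions list."""
    types = {p.get("type") for p in item.get("sharePermissions") or []}
    if types & PUBLIC_SHARE_TYPES:
        return "public"          # readable by anonymous internet users
    if types & LOGGED_IN_SHARE_TYPES:
        return "logged-in"       # what users usually think "Everyone" means
    if types:
        return "restricted"      # project, group, role or user scoped
    return "private"             # owner only


def public_items(search_response):
    """List the filters (or dashboards) that anonymous users can see."""
    return [
        {"id": f["id"], "name": f["name"], "jql": f.get("jql", "")}
        for f in search_response.get("values", [])
        if classify_share(f) == "public"
    ]


def user_picker_exposure(picker_response):
    """Summarise what an unauthenticated user-picker query gives away.

    Usernames come from the `name` field; email addresses are searched for in
    every string field of each entry, since where they appear depends on the
    instance's email visibility setting."""
    users = picker_response.get("users", [])
    emails = []
    for u in users:
        for match in EMAIL_RE.findall(json.dumps(u)):
            if match not in emails:
                emails.append(match)
    return {
        "users_returned": len(users),
        "usernames": [u.get("name") for u in users if u.get("name")],
        "emails": emails,
    }


def audit(filter_search, picker_response):
    """Combine both checks into one finding summary."""
    pub = public_items(filter_search)
    picker = user_picker_exposure(picker_response)
    return {
        "public_filters": pub,
        "picker_answers_anonymous": picker["users_returned"] > 0,
        "usernames_exposed": len(picker["usernames"]),
        "emails_exposed": len(picker["emails"]),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_FILTER_SEARCH, SAMPLE_USER_PICKER), indent=2))
```

To run it against a site you administer, save the JSON from an unauthenticated `curl -s 'https://<site>/rest/api/2/filter/search?expand=sharePermissions'` and `curl -s 'https://<site>/rest/api/2/user/picker?query='` and pass the parsed objects to `audit()`. Any "public" filter and any non-empty picker answer to an anonymous request are the two misconfigurations the article describes; the fix is to change the filter share to a project, group or logged-in scope and to remove "Any" from the Browse Users global permission.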

Using this setting, Bleeping Computer found exposed information from several government domains, as well as from private companies and educational institutions.

Depending on the organization and the value of the information, this exposure could be used for targeted attacks or corporate espionage.

Absent Mia, https://www.secnews.gr
