- Public Security Vulnerability
- Resolution: Fixed
- Low
- 4.20.4, 4.20.5
- None
- 5.3
- Medium
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated users to see admin credentials via an information disclosure vulnerability in the {BaseUrl}/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=<ID> endpoint.
The affected versions are before version 4.20.6.
Affected versions:
- version < 4.20.6
Fixed versions:
- 4.20.6
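For instances that ran a version before 4.20.6, a review of HTTP access logs for requests to the endpoint named above shows which accounts reached it. The following is an added example, not Atlassian's code: the log layout, the sample lines and the `import_admins` allow-list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path named in the advisory; matched as a suffix so any BaseUrl context path is tolerated.
ENDPOINT = "/rest/insight/1.0/import/module/test/rlabs-import-type-json"

# Assumed access-log layout: ip, request id, user, [time], "request line", status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<rid>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}|-)'
)

def find_import_test_hits(lines, import_admins=frozenset()):
    """Return one dict per request to the advisory's endpoint.

    import_admins is a hypothetical allow-list of accounts expected to
    configure Insight imports; hits from any other account are marked for review.
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not follow the assumed layout
        url = urlsplit(m["target"])
        if not url.path.rstrip("/").endswith(ENDPOINT):
            continue
        schema = parse_qs(url.query).get("objectSchemaId", [None])[0]
        hits.append({
            "time": m["ts"], "ip": m["ip"], "user": m["user"],
            "method": m["method"], "status": m["status"],
            "objectSchemaId": schema,
            "review": m["user"] not in import_admins,
        })
    return hits

# Constructed sample lines, not taken from a real instance.
SAMPLE_LOG = [
    '10.0.0.5 601x11x1 jdoe [12/May/2022:10:01:02 +0000] "GET /jira/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=3 HTTP/1.1" 200 812',
    '10.0.0.9 602x12x1 insight-admin [12/May/2022:10:05:40 +0000] "POST /rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=3 HTTP/1.1" 200 790',
    '10.0.0.5 603x13x1 jdoe [12/May/2022:10:06:00 +0000] "GET /jira/rest/api/2/issue/ABC-1 HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for hit in find_import_test_hits(SAMPLE_LOG, {"insight-admin"}):
        print(hit)
```

Any hit marked for review on a pre-4.20.6 instance is a reason to rotate the credentials stored in that object schema's import configuration.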
[JSDSERVER-11120] Leaked admin credentials via Insight object import
Remote Link | New: This issue links to "Page (Confluence)" [ 733366 ] |
Resolution | New: Fixed [ 1 ] | |
Security | Original: Atlassian Staff [ 10750 ] | |
Status | Original: Draft [ 12872 ] | New: Published [ 12873 ] |
Labels | Original: advisory advisory-to-release dont-import security 🔢✅ | New: advisory advisory-released dont-import security 🔢✅ |
Summary | Original: Leaked Admin USER/PASS credentials at [Insight] for JSON data source | New: Leaked admin credentials via Insight object import |
Affects Version/s | New: 4.20.5 [ 99307 ] |
Description |
Original:
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated users to see admin credentials via an information disclosure in the in the \{BaseUrl}/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=<ID> endpoint.
The affected versions are before version 4.20.6. *Affected versions:* * version < 4.20.6 *Fixed versions:* * 4.20.6 |
New:
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated users to see admin credentials via an information disclosure vulnerability in the \{BaseUrl}/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=<ID> endpoint.
The affected versions are before version 4.20.6. *Affected versions:* * version < 4.20.6 *Fixed versions:* * 4.20.6 |
Description |
Original:
Affected versions of Atlassian Jira Service Management Server and Data Center allow low privilege employees to see admin credentials via an information disclosure in the in the \{BaseUrl}/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=<ID> endpoint.
The affected versions are before version 4.20.6. *Affected versions:* * version < 4.20.6 *Fixed versions:* * 4.20.6 |
New:
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated users to see admin credentials via an information disclosure in the in the \{BaseUrl}/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=<ID> endpoint.
The affected versions are before version 4.20.6. *Affected versions:* * version < 4.20.6 *Fixed versions:* * 4.20.6 |
Description |
Original:
Affected versions of Atlassian Jira Service Management Server and Data Center allows other low privilege employees to see admin credentials via information leakage in the API \{BaseUrl}/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=<ID> response.
The affected versions are before version 4.20.6. *Affected versions:* * version < 4.20.6 *Fixed versions:* * 4.20.6 |
New:
Affected versions of Atlassian Jira Service Management Server and Data Center allow low privilege employees to see admin credentials via an information disclosure in the in the \{BaseUrl}/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=<ID> endpoint.
The affected versions are before version 4.20.6. *Affected versions:* * version < 4.20.6 *Fixed versions:* * 4.20.6 |
Description |
Original:
Affected versions of Atlassian Jira Service Management Server and Data Center allows other low privilege employees to see admin credentials via information leakage in the API \{BaseUrl}/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=<ID> response.
The affected versions of Atlassian Jira Service Management Server and Data Center are before version 4.20.4. *Affected versions:* * 4.20.4 *Fixed versions:* * 4.20.6 |
New:
Affected versions of Atlassian Jira Service Management Server and Data Center allows other low privilege employees to see admin credentials via information leakage in the API \{BaseUrl}/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=<ID> response.
The affected versions are before version 4.20.6. *Affected versions:* * version < 4.20.6 *Fixed versions:* * 4.20.6 |
Description |
Original:
Affected versions of Atlassian Jira Service Management Server leaks remote attackers
to view sensitive information via an Information Disclosure vulnerability in {component} The affected versions of Atlassian Jira Service Management Server and Data Center are before version 4.20.4. *Affected versions:* * 4.20.4 *Fixed versions:* * 4.20.6 |
New:
Affected versions of Atlassian Jira Service Management Server and Data Center allows other low privilege employees to see admin credentials via information leakage in the API \{BaseUrl}/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=<ID> response.
The affected versions of Atlassian Jira Service Management Server and Data Center are before version 4.20.4. *Affected versions:* * 4.20.4 *Fixed versions:* * 4.20.6 |