• 4.3
    • Medium

      Affected versions of Atlassian Jira Service Management Server and Data Center allow an unauthorised user to view source configuration information via information disclosure in the endpoint /rest/insight/1.0/progress/category/imports/.

      Affected versions:

      • 4.19.0

      Fixed versions:

      • 4.20.6

            [JSDSERVER-11128] Source configuration information leakage in API response

            Mandeep Jadon made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 733451 ]
            Manisha Sangwan (Inactive) made changes -
            Resolution New: Fixed [ 1 ]
            Security Original: Atlassian Staff [ 10750 ]
            Status Original: Draft [ 12872 ] New: Published [ 12873 ]
            Manisha Sangwan (Inactive) made changes -
            Description Original: Affected versions of Atlassian Jira Service Management Server and Data Center allow an unauthorised user to view source configuration information via information disclosure in the endpoint /rest/insight/1.0/progress/category/imports/.

            *Affected versions:*
             * 4.20.6

            *Fixed versions:*
             * 4.20.6
            New: Affected versions of Atlassian Jira Service Management Server and Data Center allow an unauthorised user to view source configuration information via information disclosure in the endpoint /rest/insight/1.0/progress/category/imports/.

            *Affected versions:*
             * 4.19.0

            *Fixed versions:*
             * 4.20.6
            Manisha Sangwan (Inactive) made changes -
            Affects Version/s Original: 4.20.6 [ 99596 ]
            Affects Version/s New: 4.19.0 [ 96190 ]
            AB made changes -
            Description Original: Affected versions of Atlassian Jira Service Management Server and Data Center allow an unauthorised user to view source configuration information via information disclosure in the endpoint /rest/insight/1.0/progress/category/imports/1.

            *Affected versions:*
             * 4.20.6

            *Fixed versions:*
             * 4.20.6
            New: Affected versions of Atlassian Jira Service Management Server and Data Center allow an unauthorised user to view source configuration information via information disclosure in the endpoint /rest/insight/1.0/progress/category/imports/.

            *Affected versions:*
             * 4.20.6

            *Fixed versions:*
             * 4.20.6
            AB made changes -
            Summary Original: Source configuration information leakage in API response. New: Source configuration information leakage in API response
            Manisha Sangwan (Inactive) made changes -
            Description Original: Affected versions of Atlassian Jira Service Management Server and Data Center allows an unauthorised user to get hold of source configuration information via information leakage in the endpoint /rest/insight/1.0/progress/category/imports/1.

            *Affected versions:*
             * 4.20.6

            *Fixed versions:*
             * 4.20.6
            New: Affected versions of Atlassian Jira Service Management Server and Data Center allow an unauthorised user to view source configuration information via information disclosure in the endpoint /rest/insight/1.0/progress/category/imports/1.

            *Affected versions:*
             * 4.20.6

            *Fixed versions:*
             * 4.20.6
            Manisha Sangwan (Inactive) made changes -
            Summary Original:  REST API endpoint leaked import source config info by [Synchronize object] New: Source configuration information leakage in API response.
            Manisha Sangwan (Inactive) made changes -
            Description Original: Affected versions of Atlassian Jira Service Management Server and Data Center allows an unauthorised user to get hold of configuration information via a information leakage in the endpoint /rest/insight/1.0/progress/category/imports/1.

            *Affected versions:*
             * 4.20.6

            *Fixed versions:*
             * 4.20.6
            New: Affected versions of Atlassian Jira Service Management Server and Data Center allows an unauthorised user to get hold of source configuration information via information leakage in the endpoint /rest/insight/1.0/progress/category/imports/1.

            *Affected versions:*
             * 4.20.6

            *Fixed versions:*
             * 4.20.6
            Manisha Sangwan (Inactive) made changes -
            Description Original: Affected versions of Atlassian Jira Service Management Server and Data Center allows other low privilege employees to see admin credentials via information leakage in the API \{BaseUrl}/rest/insight/1.0/import/module/test/rlabs-import-type-json?objectSchemaId=<ID> response.

            The affected versions of Atlassian Jira Service Management Server and Data Center are before version 4.20.6.

            *Affected versions:*
             * 4.20.6

            *Fixed versions:*
             * 4.20.6
            New: Affected versions of Atlassian Jira Service Management Server and Data Center allows an unauthorised user to get hold of configuration information via a information leakage in the endpoint /rest/insight/1.0/progress/category/imports/1.

            *Affected versions:*
             * 4.20.6

            *Fixed versions:*
             * 4.20.6
