
[Software] One of the most popular developer tools has a critical vulnerability


AL_MAOT

A new vulnerability that enables an attacker to obtain sensitive user information has been discovered in Jira, which is a popular system for bug tracking, interacting with users and project management.

The information disclosure vulnerability, tracked as CVE-2020-14181, has a CVSS score of 5.3 and was first found by Positive Technologies expert Mikhail Klyuchnikov. The vulnerability affects Jira Server and Data Center and occurs because any unauthorized user can access a specific script.

Jira's developer Atlassian is known for making popular products that are used by 170,000 clients in over 190 countries, and 83 percent of its customers are part of the Fortune Global 500.

 



Jira vulnerability


Senior security researcher at Positive Technologies Mikhail Klyuchnikov provided further insight on the vulnerability he discovered in a press release, saying:

"Such vulnerabilities help attackers to significantly save time in their attempts to breach systems: they make it possible to determine the presence of an account with a particular login in the system. By bruteforcing various logins, attackers can identify which users are present in the system. If a login exists, the system discloses the user's personal data (in cases where such data is present), and if a login is not found, the system reports it. 

"After bruteforcing the existing logins, the attackers could go on to bruteforce the passwords of each existing user. Without this vulnerability, attackers would have to haphazardly bruteforce the passwords to logins which might not exist in the system. The vulnerability reduces the time hackers would need and decreases the probability of being detected, which, ultimately, makes the target less attractive for attackers. That's why we strongly recommend installing the updates."

Thankfully though, Atlassian has patched the vulnerability in product versions 7.13.6, 8.5.7 and 8.12.0 and customers should install it immediately to prevent falling victim to any potential attacks exploiting it.
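A defender-side check for the login enumeration described in the quote, added here as an example and not taken from the article, Atlassian or Positive Technologies: it flags anonymous clients that query a user-lookup script for many different logins. The script path is a placeholder (the article does not name it), and the `username` parameter, the threshold and the log layout are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Placeholder: the article does not name the exposed script. Set this to the
# path given in the vendor advisory for your installation.
LOOKUP_PATH = "/PLACEHOLDER/user-lookup"
LOGIN_PARAM = "username"   # assumed query parameter carrying the login
THRESHOLD = 5              # distinct logins per anonymous client before flagging

# Constructed sample, one request per line:
# "<client-ip> <session-user or -> <method> <url> <status>"
SAMPLE_LOG = """\
203.0.113.7 - GET /PLACEHOLDER/user-lookup?username=admin 200
203.0.113.7 - GET /PLACEHOLDER/user-lookup?username=Admin 200
203.0.113.7 - GET /PLACEHOLDER/user-lookup?username=root 200
203.0.113.7 - GET /PLACEHOLDER/user-lookup?username=jsmith 200
203.0.113.7 - GET /PLACEHOLDER/user-lookup?username=test 200
203.0.113.7 - GET /PLACEHOLDER/user-lookup?username=backup 200
203.0.113.7 - GET /PLACEHOLDER/user-lookup?username=guest 200
198.51.100.4 alice GET /PLACEHOLDER/user-lookup?username=bob 200
198.51.100.4 alice GET /PLACEHOLDER/user-lookup?username=carol 200
192.0.2.10 - GET /PLACEHOLDER/user-lookup?username=jsmith 200
192.0.2.10 - GET /PLACEHOLDER/user-lookup?username=jsmith 200
192.0.2.10 - GET /browse/PROJ-1 200
"""

def find_enumerators(log_text, threshold=THRESHOLD):
    """Return {client_ip: sorted distinct logins} for anonymous clients that
    probed at least `threshold` different logins on the lookup path."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                      # skip malformed lines
        ip, user, _method, url, _status = parts
        if user != "-":
            continue                      # only unauthenticated requests matter here
        target = urlsplit(url)
        if target.path != LOOKUP_PATH:
            continue
        # Both hits and misses count: the response differs, not the request,
        # so the signal is the spread of logins tried, not the status code.
        for login in parse_qs(target.query).get(LOGIN_PARAM, []):
            seen[ip].add(login.lower())   # "Admin" and "admin" are one probe
    return {ip: sorted(names) for ip, names in seen.items()
            if len(names) >= threshold}

if __name__ == "__main__":
    for ip, logins in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: {len(logins)} distinct logins probed: {', '.join(logins)}")
```

On a patched instance the same rule is still worth keeping, since anonymous requests to that path should no longer return user data at all.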
