Jira Service Desk Sign Up Detected

low Web Application Scanning Plugin ID 113218

Synopsis

Jira Service Desk Sign Up Detected

Description

Atlassian Jira is a software application used for issue tracking and project management. An internal only Atlassian Jira Service Desk instance may be misconfigured to be accessible to 3rd parties to sign up, potentially leading to attackers creating accounts and raising ticket requests for privileged internal access, and in some cases expose email addresses and other sensitive information contained inside.

Solution

Review the scope of the Atlassian Jira Service Desk. If the detected instance is intended for internal users only restrict access permissions for external accounts to the instance.

See Also

https://support.atlassian.com/jira-service-management-cloud/docs/customer-permissions-for-your-service-project-and-jira-site/

https://medium.com/@intideceukelaire/hundreds-of-internal-servicedesks-exposed-due-to-covid-19-ecd0baec87bd

Plugin Details

Severity: Low

ID: 113218

Type: remote

Published: 4/21/2022

Updated: 4/21/2022

Scan Template: scan, pci

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Low

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

Reference Information