One Misconfig (JIRA) to Leak Them All- Including NASA and Hundreds of Fortune 500 Companies!

2019-08-06 13:52:00
Avinash Jain
Retransmettre:
Medium
1778


Hi Guys,



Some months back, I published an article on “Exposed JIRA server leaks NASA staff and project data” in which I was able to find NASA staff details, their username, their email ids along with their internal project details which were getting leaked by one of their tools — JIRA which is an Atlassian task tracking systems/project management software used by around 135,000 companies and organization globally. The root cause behind the leak was the wild misconfiguration which was present in JIRA. Why the term “wild” being used is because, with the help of the same misconfiguration, I happened to access internal user data, internal project details of hundreds and thousands of companies which were using JIRA. (Click HERE to read more)
Commenter
Commentaires reçus après vérification。