Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Atlassian JIRA Servicedesk misconfiguration - Vulnerability Database

Atlassian JIRA Servicedesk misconfiguration

Description

Atlassian JIRA is a tool that is used for bug tracking, issue tracking, and project management.

This instance of Atlassian JIRA is misconfigured to allow an attacker to sign up (create a new account) just by navigating to the signup page that is accessible at the URL /servicedesk/customer/user/signup. After the attacker has created a new account it's possible for him/her to access the support portal.

Remediation

Please consult the Atlassian documentation (from the References link) that explains how to choose the right settings to secure your Atlassian JIRA installation.

References

Hundreds of internal servicedesks exposed due to COVID-19
Customer permissions for your service desk and Jira site

Related Vulnerabilities

Apache Tomcat version older than 7.0.21 High
Common tags: Authentication Bypass Configuration
Case-Insensitive Routing Bypass in Express.js Application High
Common tags: Authentication Bypass Configuration
Joomla! Core Security Bypass High
Common tags: Authentication Bypass Configuration
Adobe ColdFusion 9 administrative login bypass High
Common tags: Authentication Bypass Configuration
Microsoft IIS WebDAV authentication bypass High
Common tags: Authentication Bypass Configuration

Severity

Medium

Classification

CWE-287
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Authentication Bypass
Configuration