Jira Service Desk Sign Up Detected

medium Web App Scanning Plugin ID 113218

Synopsis

Jira Service Desk Sign Up Detected

Description

Atlassian Jira is a software application used for issue tracking and project management. An internal-only Atlassian Jira Service Desk instance may be misconfigured so that third parties can sign up. This can lead to attackers creating accounts and raising ticket requests for privileged internal access and, in some cases, expose email addresses and other sensitive information contained inside.

Solution

Review the scope of the Atlassian Jira Service Desk. If the detected instance is intended for internal users only, restrict access permissions for external accounts to the instance.

See Also

https://medium.com/@intideceukelaire/hundreds-of-internal-servicedesks-exposed-due-to-covid-19-ecd0baec87bd

https://support.atlassian.com/jira-service-management-cloud/docs/customer-permissions-for-your-service-project-and-jira-site/

Plugin Details

Severity: Medium

ID: 113218

Type: remote

Published: 4/21/2022

Updated: 4/21/2022

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.9

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Low

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information