Organizations like Google, Yahoo, NASA, Lenovo, 1Password and Zendesk, as well as various governing bodies, were exposing sensitive data due to misconfigured Jira servers. Jira is a popular project management solution, developed by Atlassian for agile teams.
What’s the matter?
Discovered by security engineer Avinash Jain, the leak occurs whenever a new filter or dashboard is created in Jira Cloud with the default visibility set to 'all'. Users read 'all' as 'everyone within the organization', but it actually means everyone on the internet.
"If a filter or dashboard is shared with Public, the name of the filter or dashboard will be visible to anonymous users," reads the Jira Cloud documentation.
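The practical defender-side question raised above is "which of our filters and dashboards are shared beyond the organization?" The script below is an added example, not code from the article, Atlassian or Avinash Jain. It assumes, as I understand Jira Cloud's REST API, that filters come from GET /rest/api/3/filter/search?expand=sharePermissions and dashboards from GET /rest/api/3/dashboard/search, each item carrying a "sharePermissions" list whose entries have a "type" field where "global" is what the UI calls Public and "loggedin"/"authenticated" means any Atlassian account rather than only the tenant's members. The two API responses are constructed samples embedded inline so the audit runs offline.

```python
"""Audit Jira Cloud filters and dashboards for sharing that reaches
outside the organization (added example; endpoint shapes are assumptions)."""
import json

# Share-permission types that reach beyond the tenant's own members.
# "global" is the Jira UI's "Public" (anonymous internet users);
# "loggedin"/"authenticated" is any Atlassian account, not just this tenant.
EXPOSED_TYPES = {
    "global": "Public: visible to anonymous internet users",
    "loggedin": "Any logged-in Atlassian account, not only this tenant",
    "authenticated": "Any logged-in Atlassian account, not only this tenant",
}

# Constructed sample of a filter search response (assumed shape).
SAMPLE_FILTERS = json.dumps({"values": [
    {"id": "10001", "name": "Sprint 42 backlog",
     "sharePermissions": [{"type": "global"}]},
    {"id": "10002", "name": "My open bugs",
     "sharePermissions": []},
    {"id": "10003", "name": "Release tracking",
     "sharePermissions": [{"type": "project", "project": {"id": "10000"}}]},
    {"id": "10004", "name": "Hiring pipeline",
     "sharePermissions": [{"type": "loggedin"}]},
]})

# Constructed sample of a dashboard search response (assumed shape).
SAMPLE_DASHBOARDS = json.dumps({"values": [
    {"id": "10100", "name": "Team velocity",
     "sharePermissions": [{"type": "global"}]},
    {"id": "10101", "name": "Ops overview",
     "sharePermissions": [{"type": "group", "group": {"name": "jira-software-users"}}]},
]})


def classify(item):
    """Return the exposure description for one filter or dashboard, or None
    when every share permission is scoped to a user, group, project or role.
    An empty list means the item is private to its owner."""
    for perm in item.get("sharePermissions", []):
        reason = EXPOSED_TYPES.get(perm.get("type"))
        if reason:
            return reason
    return None


def find_exposed(items, kind):
    """Flag every item of the given kind whose sharing leaves the organization."""
    findings = []
    for item in items:
        reason = classify(item)
        if reason:
            findings.append({"kind": kind, "id": item["id"],
                             "name": item["name"], "exposure": reason})
    return findings


def audit(filters_json, dashboards_json):
    """Parse both search responses and return combined findings,
    public (anonymous) exposure first, then by kind and name."""
    filters = json.loads(filters_json)["values"]
    dashboards = json.loads(dashboards_json)["values"]
    findings = find_exposed(filters, "filter") + find_exposed(dashboards, "dashboard")
    findings.sort(key=lambda f: (not f["exposure"].startswith("Public"),
                                 f["kind"], f["name"]))
    return findings


if __name__ == "__main__":
    # Against a live tenant, replace the samples with the two API responses
    # fetched using an API token that can see all filters and dashboards.
    for f in audit(SAMPLE_FILTERS, SAMPLE_DASHBOARDS):
        print(f"{f['kind']:<9} {f['id']:<6} {f['name']:<20} {f['exposure']}")
```

Filters only expose their name to anonymous users, but the issues they return still leak the assignee names, roles and project state the article describes, so public filters and dashboards are worth fixing even when the filter name looks harmless. Ordering public items first matters because those are reachable without any account; the "loggedin" items need an Atlassian login but still reach far beyond the tenant.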
What data is leaked?
The leaked data includes names, roles, and email addresses of employees who are involved in various projects of an organization, along with the current state and development of those projects.
How was the leak discovered?
Jain used specific search operators (Google Dorks) to identify Jira servers configured to expose information about users and their projects. When Bleeping Computer tried to find exposed servers the same way, it easily found government domains as well as private companies and educational institutions.
These exposed details can be quite valuable depending on the impacted organization. Threat actors can leverage such data for reconnaissance operations.
"Thousands of companies' filters, dashboards and staff data were publicly exposed," said Jain, Bleeping Computer reported.
"I have discovered several such misconfigured JIRA accounts in hundreds of companies. Some of the companies were from the Alexa and Fortune top lists, including big giants like NASA, Google, Yahoo, etc., and government sites," Jain added.