Vulnerability Description
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netic | Group Export | < 1.0.3 |
Related Weaknesses (CWE)
References
- https://gist.github.com/CveCt0r/ca8c6e46f536e9ae69fc6061f132463e (Exploit, Third Party Advisory)
- https://marketplace.atlassian.com/apps/1222388/group-export-for-jira/version-his (Product, Third Party Advisory)
FAQ
What is CVE-2022-39960?
CVE-2022-39960 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a gr...
How severe is CVE-2022-39960?
CVE-2022-39960 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-39960?
Check the references section above for vendor advisories and patch information. Affected products include: Netic Group Export.