Description

Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions. The JIRA REST APIs are used to interact with the JIRA Server applications remotely, for example, when configuring webhooks. The JIRA Server platform provides a REST API for common features, like issues and workflows.

The scanner determined that it's possible to interact with the JIRA REST APIs without providing any type of authentication.

Remediation

Configure your Atlassian Jira installation to use OAuth or Basic authentication for REST APIs.

References

Basic auth for REST APIs

OAuth for REST APIs

Related Vulnerabilities

Laravel LogViewer open

TRACE/TRACK Method Detected

Insecure Transportation Security Protocol Supported (SSLv3)

Adobe Experience Manager Misconfiguration

ASP.NET debugging enabled

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Tags

Configuration