Description

Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.

The Manage Filters page (that is accessible at the endpoint /secure/ManageFilters.jspa) usually leaks potentially sensitive information such as employee names and email addresses and internal product names.

It's recommended to restrict access to this page if the information returned here contains sensitive information.

Remediation

Restrict access to the /secure/ManageFilters.jspa endpoint if the data returned on this page contains sensitive information. Consult Web References section for more information.

References

How to Remove the 'Everyone' Share Option from Filters

Related Vulnerabilities

WordPress Plugin WP Activity Log Information Disclosure (3.1.1)

Joomla! Core Information Disclosure (1.5.0 - 3.7.5)

Configuration file source code disclosure

Drupal 7 arbitrary PHP code execution and information disclosure

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Multiple Vulnerabilities (3.7.0)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure