Description

Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.

The Manage Filters page (that is accessible at the endpoint /secure/ManageFilters.jspa) usually leaks potentially sensitive information such as employee names and email addresses and internal product names.

It's recommended to restrict access to this page if the information returned here contains sensitive information.

Remediation

Restrict access to the /secure/ManageFilters.jspa endpoint if the data returned on this page contains sensitive information. Consult Web References section for more information.

References

How to Remove the 'Everyone' Share Option from Filters

Related Vulnerabilities

WordPress Plugin BackupBuddy Arbitrary File Download (8.7.4.1)

WordPress Plugin wp-FileManager Arbitrary File Disclosure (1.3.0)

WordPress Plugin GiveWP-Donation and Fundraising Platform Information Disclosure (2.20.2)

WordPress Plugin Advanced Woo Search Information Disclosure (1.99)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure