Vulnerabilities > CVE-2019-16907 - Missing Authorization vulnerability in Infosysta In-App & Desktop Notifications 1.6.13J8

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

infosysta

CWE-862

NVD

Published: 2019-10-31

Updated: 2024-11-21

Summary

An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI.

Vulnerable Configurations

Part	Description	Count
Application	Infosysta Infosysta IN APP & Desktop Notifications 1.6.13_J8	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Packetstorm

data source	https://packetstormsecurity.com/files/download/154993/SYSS-2019-043.txt
id	PACKETSTORM:154993
last seen	2019-10-30
published	2019-10-28
reporter	Erik Steltzner
source	https://packetstormsecurity.com/files/154993/Infosysta-Jira-1.6.13_J8-User-Name-Disclosure.html
title	Infosysta Jira 1.6.13_J8 User Name Disclosure

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References