Vulnerabilities > CVE-2022-38367 - Missing Authorization vulnerability in Netic User Export for Jira

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

netic

CWE-862

NVD

Published: 2022-09-05

Updated: 2024-11-21

Summary

The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint.

Vulnerable Configurations

Part	Description	Count
Application	Netic Netic User Export FOR Jira *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://gist.github.com/CveCt0r/72a0b6292cd8d80499cf5971ae58147f
https://gist.github.com/CveCt0r/72a0b6292cd8d80499cf5971ae58147f
https://marketplace.atlassian.com/apps/1220535/user-export-for-jira
https://marketplace.atlassian.com/apps/1220535/user-export-for-jira