Vulnerabilities > CVE-2022-39960 - Missing Authorization vulnerability in Netic Group Export 1.0.1

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
netic
CWE-862

Summary

The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.

Vulnerable Configurations

Part Description Count
Application
Netic
2

Common Weakness Enumeration (CWE)