Unauthenticated User Data Export Vulnerability in Netic User Export Add-on for Atlassian Jira

Unauthenticated User Data Export Vulnerability in Netic User Export Add-on for Atlassian Jira

CVE-2022-38367 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint.

Learn more about our User Device Pen Test.