User Login Credential Disclosure in Deviniti Issue Sync Synchronization v3.5.2 for Jira

User Login Credential Disclosure in Deviniti Issue Sync Synchronization v3.5.2 for Jira

CVE-2023-30285 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser.

Learn more about our User Device Pen Test.