One of the most popular developer tools has a critical vulnerability

A new vulnerability that enables an attacker to obtain sensitive user information has been discovered in Jira, a popular system for bug tracking, interacting with users and project management.

The information disclosure vulnerability, tracked as CVE-2020-14181, has a CVSS score of 5.3 and was first found by Positive Technologies expert Mikhail Klyuchnikov. The vulnerability affects Jira Server and Data Center and occurs because any unauthorized user can access a specific script.

Jira's developer, Atlassian, is known for making popular products that are used by 170,000 clients in over 190 countries, and 83 percent of its customers are part of the Fortune Global 500.

Jira vulnerability

Senior security researcher at Positive Technologies Mikhail Klyuchnikov provided further insight on the vulnerability he discovered in a press release, saying:

"Such vulnerabilities help attackers to significantly save time in their attempts to breach systems: they make it possible to determine the presence of an account with a particular login in the system. By bruteforcing various logins, attackers can identify which users are present in the system. If a login exists, the system discloses the user's personal data (in cases where such data is present), and if a login is not found, the system reports it.

"After bruteforcing the existing logins, the attackers could go on to bruteforce the passwords of each existing user. Without this vulnerability, attackers would have to haphazardly bruteforce the passwords to logins which might not exist in the system. The vulnerability reduces the time hackers would need and decreases the probability of being detected, which, ultimately, makes the target less attractive for attackers. That's why we strongly recommend installing the updates."

Thankfully though, Atlassian has patched the vulnerability in product versions 7.13.6, 8.5.7 and 8.12.0, and customers should install the update immediately to avoid falling victim to attacks that exploit it.
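
The login bruteforcing Klyuchnikov describes leaves a recognisable pattern in web access logs: one client asking a single lookup script about many different logins in a short time. The following detection sketch is an added example, not code from the article, Positive Technologies or Atlassian. The article does not name the script, so the path `/PLACEHOLDER/user-lookup`, the `username` parameter, the thresholds and the log lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Assumptions, not from the article: the script path and parameter are placeholders.
LOOKUP_PATH = "/PLACEHOLDER/user-lookup"
USER_PARAM = "username"

# Common/combined access-log prefix: client, timestamp, request line.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<url>\S+) [^"]*"')

def parse(line):
    """Return (ip, time, login) for a request to the lookup script, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["url"])
    logins = parse_qs(url.query).get(USER_PARAM)
    if url.path != LOOKUP_PATH or not logins:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, logins[0].lower()

def find_enumerators(lines, max_logins=5, window=timedelta(minutes=1)):
    """Map each client IP to its peak count of distinct logins per window, if above max_logins."""
    events = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        events[rec[0]].append(rec[1:])
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            distinct = len({login for _, login in evs[start:end + 1]})
            if distinct > max_logins:
                flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

# Constructed sample: one client tries 8 logins in 8 seconds, another looks up 2.
FMT = '{ip} - - [15/Jan/2021:10:00:{s:02d} +0000] "GET {p}?{q}={u} HTTP/1.1" 200 512'
SAMPLE = [FMT.format(ip="203.0.113.7", s=i, p=LOOKUP_PATH, q=USER_PARAM, u=f"user{i}")
          for i in range(8)]
SAMPLE += [FMT.format(ip="198.51.100.4", s=i, p=LOOKUP_PATH, q=USER_PARAM, u=u)
           for i, u in enumerate(["alice", "bob"])]

if __name__ == "__main__":
    print(find_enumerators(SAMPLE))
```

Counting distinct logins rather than raw requests keeps a user who repeatedly views the same few profiles from being flagged.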
