Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Jira Unauthenticated Project Categories" module detects a misconfiguration in Atlassian Jira, the widely used issue and project tracking software: project categories that can be listed over the REST API without authentication. The author of this module is not recorded.
This module has an informative severity level: a match tells you something useful about the target's exposure but is not, by itself, a direct security risk.
A match means the Jira instance answers the project-category listing for anonymous requests. An unauthenticated user can read the names and descriptions of all project categories, which reveals how the organisation structures its work and confirms that the REST API is reachable without a session. This is useful reconnaissance and a prompt to check whether anonymous access extends to more sensitive resources such as projects and issues; that check, like the ability to modify categories, is outside what this module tests, since it only sends a read-only GET.
The module sends an HTTP GET request to the /rest/api/2/projectCategory?maxResults=1000 endpoint and evaluates all of the following matching conditions against the response (they are ANDed, so every one must hold):
- The response status code is 200.
- The response headers contain the string "atlassian.xsrf.token" (Jira normally sets this as a cookie, so it appears in a Set-Cookie header; its presence confirms that the responder is Jira rather than some other service at that path).
- The response body contains the strings "self", "description", and "name" (fields of a project-category object in Jira's JSON).
If all three conditions are met, the module reports the instance as exposing project categories without authentication.
Here is an example of the HTTP request sent by the module:
GET /rest/api/2/projectCategory?maxResults=1000
Note: The actual module definition is not shown here for simplicity.
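Since the module definition itself is not shown, the following is an added re-implementation of the detection logic described above, written for this page and not the Vidoc module's own code. It takes the endpoint and the three matching conditions from the description; the sample headers and JSON body it evaluates are constructed, and jira.example.com is a placeholder. Because the three conditions are ANDed, an instance that answers anonymously with an empty category list ("[]") is not reported, a false negative worth keeping in mind.

```python
import json
import sys
import urllib.error
import urllib.request

# Endpoint and matcher constants taken from the module description above.
PATH = "/rest/api/2/projectCategory?maxResults=1000"
HEADER_MARKER = "atlassian.xsrf.token"
BODY_WORDS = ("self", "description", "name")


def matches(status, headers, body):
    """Return True when all three matcher conditions hold.

    headers is a list of (name, value) pairs so that repeated headers, such as
    several Set-Cookie lines, are all inspected rather than collapsed into one.
    """
    if status != 200:
        return False
    # Jira sets the XSRF token as a cookie, so the marker normally appears in a
    # Set-Cookie header; the module only requires it somewhere in the headers.
    header_blob = "\n".join(f"{name}: {value}" for name, value in headers)
    if HEADER_MARKER not in header_blob:
        return False
    # Every body word is required. An empty list ("[]") therefore does not match,
    # even though it also means the endpoint answered an anonymous request.
    return all(word in body for word in BODY_WORDS)


def scan(base_url, timeout=10.0):
    """Send the unauthenticated GET and evaluate the matchers on the live response."""
    url = base_url.rstrip("/") + PATH
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
            return matches(resp.status, resp.getheaders(), body)
    except urllib.error.HTTPError as err:
        # 401/403 (anonymous access denied) fails the status matcher; the
        # matchers still run so the decision logic lives in one place.
        return matches(err.code, err.headers.items(), err.read().decode("utf-8", "replace"))


# Constructed sample responses (not captured from any real host) to exercise the matchers offline.
EXPOSED_HEADERS = [
    ("Content-Type", "application/json;charset=UTF-8"),
    ("Set-Cookie", "atlassian.xsrf.token=ABCD-EFGH-IJKL-MNOP_0123456789abcdef|lout; Path=/; Secure"),
    ("X-AREQUESTID", "123x456x1"),
]
EXPOSED_BODY = json.dumps([
    {"self": "https://jira.example.com/rest/api/2/projectCategory/10000",
     "id": "10000", "name": "Internal", "description": "Internal projects"},
])
NON_JIRA_HEADERS = [("Content-Type", "application/json")]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live check against a target supplied on the command line.
        print("exposed" if scan(sys.argv[1]) else "not exposed", sys.argv[1])
    else:
        # Offline demonstration against the constructed samples.
        print("exposed sample:", matches(200, EXPOSED_HEADERS, EXPOSED_BODY))
        print("empty list sample:", matches(200, EXPOSED_HEADERS, "[]"))
        print("non-Jira sample:", matches(200, NON_JIRA_HEADERS, EXPOSED_BODY))
```

Run it with a base URL (for example `python3 check.py https://jira.example.com`) to test a live instance, or with no arguments to see the matchers applied to the constructed samples. Keeping the matcher logic in a single function that takes the raw status, header pairs and body makes it easy to replay captured responses when tuning for false positives or negatives.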
Scan Jira instances regularly and address misconfigurations such as this one: if anonymous users should not see project metadata, restrict anonymous access so that this endpoint requires authentication, then re-run the module to confirm the response is no longer a 200 carrying category data.