Threat Watch

Jira Servers Leak Data of Multiple Organizations

Jira, a proprietary issue-tracking product widely used for project management, was found to be misconfigured on a number of its servers. Corporations such as Google, Yahoo, NASA, Lenovo, 1Password and Zendesk, as well as other entities, had sensitive data exposed as a result. The researcher who discovered the leak determined that it occurs when a new filter or dashboard is created in Jira Cloud with visibility set to "All", which is the default. Most users assume this means "all within the organization"; in fact it leaves the item visible to every user on the internet. The exposed information included employee names, job roles and email addresses, as well as the status and progress of the projects those employees were working on. Using Google dorks, researchers also found affected government and educational domains. The details exposed on these servers could be valuable to threat actors who find them and use them as leverage in ransom-style attacks.

ANALYST NOTES

Users and administrators should change the default share setting and verify that each filter and dashboard is viewable only by the intended parties. Doing so prevents the data on these servers from being reached by unauthorized people.
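One way to carry out that verification is to audit a site's own filters and dashboards for share permissions that reach beyond the organization. The script below is an added example, not code from the article or from Atlassian. It assumes the Jira Cloud REST API v3 search endpoints `/rest/api/3/filter/search` and `/rest/api/3/dashboard/search` with `expand=sharePermissions,owner`, Basic authentication with an email address and API token, and that a share permission of type `global` is the "anyone on the internet" setting the article describes, while `loggedin` and `authenticated` reach any signed-in user; check these against the API documentation for your site. The sample records are constructed so the classification runs offline.

```python
"""Audit Jira Cloud filters and dashboards for share permissions that
reach beyond the organisation (added example; assumptions noted inline)."""
import base64
import json
import os
import urllib.request

# Share permission types as assumed from the Jira Cloud REST API v3:
# "global" is readable without logging in, "loggedin"/"authenticated"
# reach any signed-in user, everything else is scoped to a project,
# project role, group or single user.
PUBLIC_TYPES = {"global"}
BROAD_TYPES = {"loggedin", "authenticated"}


def exposure_level(item: dict) -> str:
    """Classify one filter/dashboard record by its widest share permission."""
    types = {p.get("type") for p in item.get("sharePermissions", [])}
    if types & PUBLIC_TYPES:
        return "public"
    if types & BROAD_TYPES:
        return "all-logged-in-users"
    if not types:
        return "private"
    return "scoped"


def find_exposed(items, kind: str):
    """Return findings for items that are public or shared with all logged-in users."""
    findings = []
    for item in items:
        level = exposure_level(item)
        if level in ("public", "all-logged-in-users"):
            findings.append({
                "kind": kind,
                "id": str(item.get("id")),
                "name": item.get("name", "<unnamed>"),
                "owner": (item.get("owner") or {}).get("displayName", "<unknown>"),
                "exposure": level,
            })
    return findings


def fetch_all(base_url: str, email: str, token: str, path: str):
    """Page through a Jira search endpoint (assumed 'values'/'isLast' shape)."""
    auth = base64.b64encode(f"{email}:{token}".encode()).decode()
    values, start = [], 0
    while True:
        url = f"{base_url}{path}&startAt={start}&maxResults=50"
        req = urllib.request.Request(
            url, headers={"Authorization": f"Basic {auth}", "Accept": "application/json"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        values.extend(page.get("values", []))
        if page.get("isLast", True) or not page.get("values"):
            break
        start += len(page["values"])
    return values


# Constructed sample records in the shape the API is assumed to return.
SAMPLE_FILTERS = [
    {"id": "10001", "name": "Open incidents", "owner": {"displayName": "A. Analyst"},
     "sharePermissions": [{"id": 1, "type": "global"}]},
    {"id": "10002", "name": "Sprint board", "owner": {"displayName": "B. Dev"},
     "sharePermissions": [{"id": 2, "type": "project", "project": {"key": "EX"}}]},
    {"id": "10003", "name": "My tasks", "owner": {"displayName": "C. Lead"},
     "sharePermissions": []},
]
SAMPLE_DASHBOARDS = [
    {"id": "20001", "name": "Release status", "owner": {"displayName": "D. PM"},
     "sharePermissions": [{"id": 3, "type": "loggedin"}]},
]


def audit_sample():
    """Run the classification over the constructed sample data."""
    return find_exposed(SAMPLE_FILTERS, "filter") + find_exposed(SAMPLE_DASHBOARDS, "dashboard")


if __name__ == "__main__":
    # Set JIRA_BASE_URL (e.g. https://your-site.atlassian.net, placeholder),
    # JIRA_EMAIL and JIRA_API_TOKEN to audit a live site; otherwise use samples.
    base = os.environ.get("JIRA_BASE_URL")
    email, token = os.environ.get("JIRA_EMAIL"), os.environ.get("JIRA_API_TOKEN")
    if base and email and token:
        filters = fetch_all(base, email, token,
                            "/rest/api/3/filter/search?expand=sharePermissions,owner")
        dashboards = fetch_all(base, email, token,
                               "/rest/api/3/dashboard/search?expand=sharePermissions,owner")
        findings = find_exposed(filters, "filter") + find_exposed(dashboards, "dashboard")
    else:
        findings = audit_sample()
    for f in findings:
        print(f"{f['exposure']:20} {f['kind']:9} {f['id']:6} {f['name']!r} (owner: {f['owner']})")
```

Anything reported as `public` is the case the article describes and should have its share permission removed or narrowed; items reported as `all-logged-in-users` are worth reviewing as well, since that scope is wider than a single project or team.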