Multiple vulnerabilities in Infosysta In-App & Desktop Notifications for Jira

Published: 2019-11-05 | Updated: 2019-11-05




Severity
Medium
Patch available
YES
Number of vulnerabilities
4
CVE ID
CVE-2019-16906, CVE-2019-16907, CVE-2019-16908, CVE-2019-16909
CWE ID
CWE-287
Exploitation vector
Network
Public exploit
Public exploit code is available for all four vulnerabilities (#1 through #4).
Vulnerable software
In-App & Desktop Notifications Subscribe
Vendor
Infosysta

Security Advisory



1) Improper Authentication


Severity: Medium


CVSSv3: 6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C] [PCI]


CVE-ID: CVE-2019-16906


CWE-ID: CWE-287 - Improper Authentication


Description

The vulnerability allows a remote attacker to bypass the authentication process and read another user's notifications.


The vulnerability exists because the "/plugins/servlet/nfj/PushNotification?username=" endpoint takes the account whose notifications it returns from the "username" query parameter instead of from the authenticated Jira session. A remote attacker can set the username parameter to another account, bypass the authentication process and gain unauthorized read access to that user's notifications.
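The pattern behind this finding, shown as an added illustration rather than Infosysta's actual plugin code: a Jira servlet that trusts the `username` query parameter next to a hardened version that takes the identity from Jira's authentication context. The package name, the `PushNotificationServlet` class, the `NotificationStore` interface and its `pendingFor` method are assumptions made for the example; the Atlassian and Servlet API calls are real.

```java
// Added example, not Infosysta's code. Names below (package, servlet class,
// NotificationStore, pendingFor) are assumptions for illustration only.
package example.nfj;

import java.io.IOException;
import java.util.List;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.user.ApplicationUser;

public class PushNotificationServlet extends HttpServlet {

    /** Hypothetical backing store: notifications queued for a given account. */
    interface NotificationStore {
        List<String> pendingFor(String username);
    }

    private final NotificationStore store;

    public PushNotificationServlet(NotificationStore store) {
        this.store = store;
    }

    // VULNERABLE (the shape described in the advisory): the account to read is
    // chosen by whoever edits ?username=, and no session check is made at all,
    // so an unauthenticated client (CVSS PR:N) can read any user's queue.
    //   GET /plugins/servlet/nfj/PushNotification?username=admin
    protected void doGetVulnerable(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String username = req.getParameter("username");
        resp.setContentType("application/json");
        resp.getWriter().write(String.valueOf(store.pendingFor(username)));
    }

    // HARDENED: identity comes only from Jira's authentication context. The
    // query parameter is never an authorization input; it is tolerated solely
    // when it names the caller's own account, and refused (and logged) otherwise.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        JiraAuthenticationContext auth = ComponentAccessor.getJiraAuthenticationContext();
        ApplicationUser caller = auth.getLoggedInUser();
        if (caller == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String requested = req.getParameter("username");
        if (requested != null && !requested.equals(caller.getUsername())) {
            log("user " + caller.getUsername()
                    + " asked for notifications of " + requested + " (denied)");
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setContentType("application/json");
        resp.getWriter().write(String.valueOf(store.pendingFor(caller.getUsername())));
    }
}
```

To confirm a deployed instance is fixed, log in as one ordinary user and request the servlet with `username=` set to a different account: a patched build should answer 403 (or return only the caller's own notifications), and an anonymous request should get 401, never another user's data.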


Mitigation

Install updates from the vendor's website.


Vulnerable software versions

In-App & Desktop Notifications: 1.6.13_J8


External links

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-041.txt


Q & A


Can this vulnerability ..
