Description
The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint.
References (2)
Core 2
Core References
Product, Vendor Advisory x_refsource_misc
https://marketplace.atlassian.com/apps/1220535/user-export-for-jira
Third Party Advisory x_refsource_misc
https://gist.github.com/CveCt0r/72a0b6292cd8d80499cf5971ae58147f
Scores
CVSS v3
5.3
EPSS
0.0042
EPSS Percentile
34.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-862
Status
published
Products (1)
netic/user_export_for_jira
< 2.0.6
Published
Sep 05, 2022
Tracked Since
Feb 18, 2026