Jira can be an interesting attack target for recon, lateral movement, and exfiltration - but it is made all the more dangerous by a simple permissions misconfiguration at the heart of hundreds of exposed Jira instances discovered by the Varonis Threat Research Team.
Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team discuss why attackers would target Jira, dive into the threat research to understand how the misconfiguration could go unnoticed by admins, and explain how attackers can leverage the Jira APIs to extract even more info than is available in the product interface.
To learn more about this misconfiguration, and how to remediate it, please visit: https://www.varonis.com/blog/jira-permissions/

Kilian Englert
Kilian has a background in enterprise security engineering, as well as security solution selling. Kilian is a Certified Information Systems Security Professional (CISSP) and creates internal and public content on topics related to cyber security and technology best practices.