Inside Out Security Blog

Threat Update 67 - Jira Permission Leaks

Threat Update 67 - Jira Permission Leaks

Jira can be an interesting attack target for recon, lateral movement, and exfiltration - but it is made all the more dangerous by a simple permissions misconfiguration at the heart of hundreds of exposed Jira instances discovered by the Varonis Threat Research Team.

Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team discuss why attackers would target Jira, dive into the threat research to understand how the misconfiguration could go unnoticed by admins, and how attackers can leverage the Jira APIs to extract even more info than is available in the product interface.

__To learn more about this misconfiguration, and how to remediate it, please visit: https://www.varonis.com/blog/jira-permissions/

We're Varonis.

We've been keeping the world's most valuable data out of enemy hands since 2005 with our market-leading data security platform.

How it works