Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more

Threat Update 67 - Jira Permission Leaks

Jira can be an interesting attack target for recon, lateral movement, and exfiltration - but it is made all the more dangerous by a simple permissions misconfiguration at the heart of hundreds of exposed Jira instances discovered by the Varonis Threat Research Team.
Kilian Englert
1 min read
Last updated February 11, 2022

Contents

    Jira can be an interesting attack target for recon, lateral movement, and exfiltration - but it is made all the more dangerous by a simple permissions misconfiguration at the heart of hundreds of exposed Jira instances discovered by the Varonis Threat Research Team.

    Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team discuss why attackers would target Jira, dive into the threat research to understand how the misconfiguration could go unnoticed by admins, and how attackers can leverage the Jira APIs to extract even more info than is available in the product interface.

    __To learn more about this misconfiguration, and how to remediate it, please visit: https://www.varonis.com/blog/jira-permissions/

    What you should do now

    Below are three ways we can help you begin your journey to reducing data risk at your company:

    1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
    2. Download our free report and learn the risks associated with SaaS data exposure.
    3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
    Kilian Englert
    Kilian Englert Kilian has a background in enterprise security engineering, as well as security solution selling. Kilian is a Certified Information Systems Security Professional (CISSP) and creates internal and public content on topics related to cybersecurity and technology best practices.

    Try Varonis free.

    Get a detailed data risk report based on your company’s data.
    Deploys in minutes.
    Get started View sample

    Keep reading

    Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

    meet-datadvantage-cloud:-data-centric-security-for-saas-&-iaas
    Meet DatAdvantage Cloud: Data-Centric Security for SaaS & IaaS
    meet-datadvantage-cloud:-data-centric-security-for-saas-&-iaas
    Nathan Coppinger
    May 17, 2021
    Today we’re happy to announce early access to DatAdvantage Cloud. Our new cloud-hosted solution brings Varonis’ data-centric security approach to AWS, Box, GitHub, Google Drive, Jira, Okta, Salesforce, Slack, and…
    no-time-to-rest:-check-your-jira-permissions-for-leaks
    No Time to REST: Check Your Jira Permissions for Leaks
    no-time-to-rest:-check-your-jira-permissions-for-leaks
    Omri Marom
    November 17, 2021
    Varonis researchers enumerated a list of 812 subdomains and found 689 accessible Jira instances. We found 3,774 public dashboards, 244 projects, and 75,629 issues containing email addresses, URLs, and IP...
    reconnect---meet-datadvantage-cloud
    ReConnect - Meet DatAdvantage Cloud
    reconnect---meet-datadvantage-cloud
    Kilian Englert
    June 28, 2021
    Varonis introduced an exciting new cloud-hosted solution that brings our data-centric security approach to AWS, Box, GitHub, Google Drive, Jira, Okta, Salesforce, Slack, and Zoom!
    varonis-launches-third-party-app-risk-management
    Varonis Launches Third-Party App Risk Management
    varonis-launches-third-party-app-risk-management
    Nathan Coppinger
    April 25, 2023
    Varonis reduces your SaaS attack surface by discovering and remediating risky third-party app connections.