Unrated severity · NVD Advisory · Published May 31, 2023 · Updated Jan 10, 2025

CVE-2023-30285

Description

An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Issue Sync Synchronization plugin for Jira prior to v3.5.2 exposes technical user credentials via a GET request to /rest/synchronizer/1.0/technicalUser.

Vulnerability

The Issue Sync - Synchronization for Jira plugin by Deviniti, in versions prior to 3.5.2, exposes an endpoint, /rest/synchronizer/1.0/technicalUser, that returns a list of technical users with their passwords encoded in base64. The attacker needs a valid account on a Jira instance where the plugin is installed [3].

Exploitation

An attacker with any valid Jira account can send a GET request to /rest/synchronizer/1.0/technicalUser. The response contains the usernames and base64-encoded passwords of all technical users configured in the plugin. No additional privileges or user interaction are required [3].

Impact

Successful exploitation allows the attacker to obtain the login credentials of technical users, which often have elevated permissions across Jira projects. This can lead to unauthorized access to sensitive data stored in other projects, potential privilege escalation, and further compromise of the Jira instance [3].

Mitigation

The vulnerability is fixed in version 3.5.2 of the plugin. Users should upgrade to version 3.5.2 or later. No workarounds have been disclosed. The issue is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date [3].
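
A check for past reads of this endpoint, added here as an example and not part of the advisory or the vendor's tooling: it scans access-log lines for requests to /rest/synchronizer/1.0/technicalUser and lists the accounts that received a 2xx response. The Common Log Format layout, the sample lines and the function names are assumptions; adapt the regex to the access-log pattern of your Tomcat or reverse proxy.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

ENDPOINT = "/rest/synchronizer/1.0/technicalUser"

# Assumed layout (Common Log Format): host ident user [time] "METHOD target PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    '10.0.0.5 - alice [31/May/2023:10:00:01 +0000] "GET /rest/api/2/issue/ABC-1 HTTP/1.1" 200 512',
    '10.0.0.9 - bob [31/May/2023:10:02:13 +0000] "GET /rest/synchronizer/1.0/technicalUser HTTP/1.1" 200 348',
    '10.0.0.9 - bob [31/May/2023:10:02:40 +0000] "GET /jira/rest/synchronizer/1.0/technicalUser/?_=1 HTTP/1.1" 200 348',
    '10.0.0.7 - - [31/May/2023:10:05:00 +0000] "GET /rest/synchronizer/1.0/technicalUser HTTP/1.1" 401 0',
]

def hits_endpoint(target):
    """True if the request target resolves to the technicalUser resource."""
    path = unquote(target.split("?", 1)[0])        # drop query string, decode %xx
    path = re.sub(r";[^/]*", "", path)             # drop ;jsessionid=... path parameters
    path = re.sub(r"/{2,}", "/", path).rstrip("/")
    return path.endswith(ENDPOINT)                 # endswith tolerates a context path such as /jira

def find_requests(lines):
    """Return one record per log line that targets the endpoint."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not hits_endpoint(m["target"]):
            continue
        status = int(m["status"])
        # A 2xx GET means the body with usernames and base64 passwords was served.
        exposed = m["method"] == "GET" and 200 <= status < 300
        findings.append({"time": m["time"], "host": m["host"], "user": m["user"],
                         "status": status, "exposed": exposed})
    return findings

def successful_readers(findings):
    """Map each account that got a 2xx response to the source hosts it used."""
    by_user = defaultdict(set)
    for f in findings:
        if f["exposed"]:
            by_user[f["user"]].add(f["host"])
    return {user: sorted(hosts) for user, hosts in by_user.items()}

if __name__ == "__main__":
    for user, hosts in successful_readers(find_requests(SAMPLE_LOG)).items():
        print(f"{user} read technical-user credentials from {', '.join(hosts)}")
```

If any account appears in the result, treat every technical-user password configured in the plugin at that time as disclosed and rotate it after upgrading.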

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
