Description

An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser.

Related CPE's

a

deviniti

issue_sync

*

*

*

*

*

jira

Vulnerable

References

http://deviniti.com

Product

http://issue.com

Product

https://github.com/D23K4N/CVE/blob/main/CVE-2023-30285.md

Third Party Advisory

http://deviniti.com

Product

http://issue.com

Product

https://github.com/D23K4N/CVE/blob/main/CVE-2023-30285.md

Third Party Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-05-31T12:15:09.410

1 year ago

Last modified

2025-01-10T17:15:11.410

4 months ago