CVE-2022-39960
published 2022-09-17

Priority: P279
Severity: medium, CVSS 3.1 base score 5.3
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
Tags: ITW, EXPLOIT, VulnCheck KEV (exploited in the wild)
EPSS: 25.68% (97.7th percentile)
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.

Affected

1 range

Vendor  Product       Version range  Fixed in
netic   group_export  < 1.0.3        1.0.3

Detection & IOCs (extracted from sources)

url: /plugins/servlet/groupexportforjira/admin/json
path: /plugins/servlet/groupexportforjira/admin/
POST body: groupexport_searchstring=&groupexport_download=true
  • Look for unauthenticated POST requests to /plugins/servlet/groupexportforjira/admin/json carrying groupexport_download=true in the request body. Stock web-server access logs do not record POST bodies, so matching on the parameter needs a proxy or WAF log that captures them; otherwise match on the path together with an anonymous (unauthenticated) requester.
  • A successful exploitation response is HTTP 200 with a body containing both 'jiraGroupObjects' and 'groupName', and response headers containing both 'attachment' and 'jira-group-export' (a file download rather than a login page). Require all three conditions together so that a login redirect or an error page on the same path is not counted.
  • Use Shodan queries for exposed Atlassian Jira instances as a reconnaissance pivot to identify potentially vulnerable targets.
  • Only the Netic Group Export add-on before 1.0.3 is affected; the core Jira product itself is not vulnerable. Confirm whether the add-on is installed, and at which version, from the Jira administration Manage apps page, and upgrade to 1.0.3 or later.
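The matching rules above, turned into code. This is an added example and is not code from the page, from Netic, or from VulnCheck. It assumes (my assumption, not the page's) a Tomcat-style Jira access log layout with the request username as the third field and '-' for anonymous requests, and an optional trailing body="..." field that only a proxy or WAF log would add; the sample log lines and the sample HTTP response are constructed for the demonstration. No request is sent anywhere.

```python
"""Detection logic for CVE-2022-39960 built from the page's IOCs (added example).

classify_response(): the response matchers for a successful unauthenticated
group export (HTTP 200, 'jiraGroupObjects' and 'groupName' in the body,
'attachment' and 'jira-group-export' in the headers).
scan_access_log(): flags anonymous requests to the export servlet in
Jira-style access log lines (log layout assumed, see lead-in).
"""
import re
from typing import Optional
from urllib.parse import parse_qs

EXPORT_PATH = "/plugins/servlet/groupexportforjira/admin/"
EXPORT_JSON_PATH = EXPORT_PATH + "json"
EXPLOIT_BODY = "groupexport_searchstring=&groupexport_download=true"


def build_probe(base_url: str) -> dict:
    """Request shape from the page's IOCs: unauthenticated POST with the export
    flag in the body. Returned as a dict for any HTTP client; nothing is sent."""
    return {
        "method": "POST",
        "url": base_url.rstrip("/") + EXPORT_JSON_PATH,
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": EXPLOIT_BODY,
    }


def classify_response(status: int, headers: dict, body: str) -> bool:
    """True only when all three of the page's conditions hold, so a login
    redirect or an error page on the same path is not reported."""
    if status != 200:
        return False
    if "jiraGroupObjects" not in body or "groupName" not in body:
        return False
    header_blob = " ".join(f"{k}: {v}" for k, v in headers.items()).lower()
    return "attachment" in header_blob and "jira-group-export" in header_blob


# Assumed layout: client_ip request_id username [timestamp] "method path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<reqid>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Optional body="..." field from a proxy/WAF log; stock Jira logs lack it.
    b = re.search(r' body="([^"]*)"', line)
    rec["body"] = b.group(1) if b else None
    return rec


def is_suspicious(rec: dict) -> bool:
    """Anonymous ('-') request to the export servlet. When a body was captured,
    also require groupexport_download=true; without a body, any anonymous POST
    to the servlet path is enough to warrant a look."""
    if rec["user"] != "-":
        return False  # authenticated admins may legitimately export groups
    path = rec["path"].split("?", 1)[0]
    if not path.startswith(EXPORT_PATH):
        return False
    if rec["body"] is not None:
        params = parse_qs(rec["body"])
        return params.get("groupexport_download", ["false"])[0].lower() == "true"
    return rec["method"] == "POST"


def scan_access_log(lines):
    """Return (client_ip, path, status) for every line that matches."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_suspicious(rec):
            hits.append((rec["ip"], rec["path"], rec["status"]))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    # authenticated admin export: not flagged
    '10.0.0.5 1x2y3z admin [17/Sep/2022:10:00:01 +0000] "POST /plugins/servlet/groupexportforjira/admin/json HTTP/1.1" 200 8123',
    # anonymous POST, stock log without body: flagged on path + user
    '203.0.113.9 4a5b6c - [17/Sep/2022:10:00:02 +0000] "POST /plugins/servlet/groupexportforjira/admin/json HTTP/1.1" 200 8123',
    # anonymous, body captured by a proxy, flag false: not flagged
    '203.0.113.9 7d8e9f - [17/Sep/2022:10:00:03 +0000] "POST /plugins/servlet/groupexportforjira/admin/json HTTP/1.1" 200 312 body="groupexport_searchstring=&groupexport_download=false"',
    # anonymous, body captured, flag true: flagged
    '198.51.100.7 0g1h2i - [17/Sep/2022:10:00:04 +0000] "POST /plugins/servlet/groupexportforjira/admin/json HTTP/1.1" 200 8123 body="groupexport_searchstring=&groupexport_download=true"',
    # anonymous GET to an unrelated path: not flagged
    '198.51.100.7 3j4k5l - [17/Sep/2022:10:00:05 +0000] "GET /login.jsp HTTP/1.1" 200 1500',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("suspicious:", hit)
```

Run it as a script to see the two flagged lines. The log scanner deliberately skips requests with a non-anonymous username, because exporting groups is a legitimate admin action; the interesting signal for this CVE is the export succeeding for a requester Jira did not authenticate.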

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        3.1      5.3    MEDIUM    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulncheck  -        5.3    MEDIUM    -