triaged accepted fixed
Summary: Unauthorized access to the Jira admin area & REST API information disclosure by the Jira service.
Steps to reproduce:
Go to URL: https://verily.atlassian.net/servicedesk/customer/user/signup
Now enter an email address to sign up and receive the confirmation link.
After signing up, we have admin access to their service.
Now check all 5 tabs available in the Jira page one by one; they give edit, delete, request, and manipulation access without authorization.
Now visit the following URLs again in an Incognito window: https://verily.atlassian.net/rest/api/2/dashboard?maxResults=100
https://verily.atlassian.net/jira/projects
The first URL gives unauthorized REST API information disclosure.
The second one is for verifying that the product belongs to "verily".
Browser/OS: Chrome / Windows 11
Solution: Update the Jira version for the verily server and domains.
PoC: I have attached a video with a step-by-step demonstration. Video link: https://1drv.ms/v/s!ApqnwYzfSjpShBz5vyEtDKxFTev1
Attack scenario: As an attacker, I have admin access with full authorization, including delete, edit, request, change, and manipulation access, and also unauthorized REST API information disclosure of admin data.
Acquisition info: Yes, it's a product of Google.