Exposed JIRA service desks grant access to organizations' internal operations

Internal ticketing tool Atlassian JIRA's unsecured service desks were publicly exposed, allowing attackers to raise internal tickets for multiple departments.
Updated on
April 19, 2023
Published on
April 8, 2020
Read MINUTES
5
Subscribe to the latest industry news, threats and resources.
In an attempt to fight the spread of Coronavirus, Governments are carrying out social distancing measures with the cooperation of its citizens, local agencies, and businesses. With remote work becoming the new normal, companies are setting up tools and processes to facilitate to ensure their business is not affected by the crisis. This has led to the unprecedented adoption and usage of Project management and internal ticketing tools such as Atlassian JIRA and Asana. However, it was recently found that several of Atlassian JIRA’s internal service desks were found publicly exposed and attackers were able to retool them to act as internal service ticket portals. The following Google dork compiles the list of open JIRA service desks: site:atlassian.net AND “Enter your e-mail address and we will send you a private sign up link”
List of open JIRA service desks on Google
List of open JIRA service desks on Google
This allows attackers to sign up as employees and raise legitimate internal requests.
JIRA sign up page that only requires user email id
JIRA sign up page that only requires user email id
Since all internal requests are not authenticated, attackers take advantage of the situation to set up projects for multiple departments such as IT, Finance, Legal, HR, etc. This provides the attackers a leeway to access to users’ email addresses, employee information, customer details, social media channels and internal tools. It also allows them to make changes to online assets, request salary changes, and even request for access badges to the company’s office premises. So, if you are working remotely, ensure all your project management, ticketing, and collaboration tools are secure.

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations