H3-2025-0036
Jira Unauthenticated Access to Admin Projects
Category | SECURITY_CONTROLS |
Base Score | 6.5 |
Description
Certain Jira installations expose the administrative projects endpoint without sufficient authentication checks. An unauthenticated request to the endpoint (e.g. /rest/menu/latest/admin) returns HTTP 200 together with sensitive metadata such as keys, links, labels, and self-referencing identifiers. The presence of header values such as atlassian.xsrf.token further suggests that the endpoint handles tokens intended for internal validation rather than for public consumption. As a result, the component intended for managing administrative projects can be reached by unauthenticated users.

This misconfiguration can grant unauthorized access to administrative interfaces, allowing an attacker to learn details of the internal configuration and use them in subsequent attacks. Exposing these endpoints violates the principle of least privilege and may enable more elaborate attack chains, such as bypassing further access restrictions later on. Because the endpoint answers plain GET requests, the condition is easy to confirm by probing, and the responses yield useful reconnaissance. This lack of access control weakens the defensive posture of the Jira environment and risks leaking sensitive project configurations and system metadata that are critical to the secure administration of the application.
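As an added example (not part of this advisory), the following check scans web-server access logs for anonymous requests that received HTTP 200 from the admin menu endpoint named above. The log layout is a simplified, assumed one (client IP, request id, user or "-", timestamp, request line, status, bytes) and the sample lines are constructed; a 302 to the login page or a 401 for the same path is the expected, healthy behaviour.

```python
import re
from dataclasses import dataclass

# Assumed, simplified access-log layout (constructed for this example):
# <client-ip> <request-id> <user or "-"> [<timestamp>] "<method> <path> <proto>" <status> <bytes>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<reqid>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

ADMIN_MENU_PATH = "/rest/menu/latest/admin"  # endpoint named in the advisory


@dataclass(frozen=True)
class Finding:
    ip: str
    ts: str
    path: str
    status: int


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_unauthenticated_admin_hit(rec):
    """True when an anonymous ('-') GET to the admin menu endpoint was answered with 200."""
    path = rec["path"].split("?", 1)[0]  # ignore query string
    return rec["user"] == "-" and rec["method"] == "GET" and path == ADMIN_MENU_PATH and rec["status"] == 200


def find_exposures(lines):
    """Return a Finding for every log line that shows the endpoint served anonymous traffic."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_unauthenticated_admin_hit(rec):
            findings.append(Finding(rec["ip"], rec["ts"], rec["path"], rec["status"]))
    return findings


# Constructed sample lines: one authenticated hit, one anonymous 200 (the finding),
# one anonymous redirect to login (healthy), and one unrelated anonymous 401.
SAMPLE_LOG = [
    '10.0.0.5 1x2y3z alice [12/Mar/2025:10:01:02 +0000] "GET /rest/menu/latest/admin HTTP/1.1" 200 1843',
    '203.0.113.7 4a5b6c - [12/Mar/2025:10:02:15 +0000] "GET /rest/menu/latest/admin HTTP/1.1" 200 1843',
    '203.0.113.7 7d8e9f - [12/Mar/2025:10:02:16 +0000] "GET /rest/menu/latest/admin?x=1 HTTP/1.1" 302 0',
    '198.51.100.9 0g1h2i - [12/Mar/2025:10:03:00 +0000] "GET /rest/api/2/myself HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for f in find_exposures(SAMPLE_LOG):
        print(f"anonymous 200 from {ADMIN_MENU_PATH}: {f.ip} at {f.ts}")
```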
Impact
If exploited, unauthorized individuals could retrieve sensitive administrative project configuration data. This may lead to further exploitation, including unauthorized modifications, escalation of privileges, and potential breaches of sensitive information, thereby compromising the integrity and confidentiality of the system.