Vulnerabilities (CVE)

Filtered by vendor Infosysta Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16909 1 Infosysta 1 In-app \& Desktop Notifications 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI.
CVE-2019-16908 1 Infosysta 1 In-app \& Desktop Notifications 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI.
CVE-2019-16907 1 Infosysta 1 In-app \& Desktop Notifications 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI.
CVE-2019-16906 1 Infosysta 1 In-app \& Desktop Notifications 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user.