Aggregates CVE and security vulnerability intelligence across all Infosysta-related products, including CVSS, EPSS, and publication dates.
Historical issues mainly involve path handling and related problems; some flaws may lead to file overwrite, affecting production workloads and software deployment scenarios.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-16909 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI. | [email protected] | 4.3 | 0.28% | 2019-11-01 | 2024-11-21 |
| CVE-2019-16908 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI. | [email protected] | 5.3 | 0.38% | 2019-11-01 | 2024-11-21 |
| CVE-2019-16907 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI. | [email protected] | 5.3 | 0.34% | 2019-10-31 | 2024-11-21 |
| CVE-2019-16906 | An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user. | [email protected] | 7.5 | 0.36% | 2019-10-31 | 2024-11-21 |