CVE-2022-39960

Name of the Vulnerable Software and Affected Versions The Netic Group Export add-on for Atlassian Jira versions prior to 1.0.3

Description The issue is related to the lack of authorization checks in the affected software. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport download=true request to a "plugins/servlet/groupexportforjira/admin/" URI.

Recommendations For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "plugins/servlet/groupexportforjira/admin/" URI to prevent unauthorized group exports.