15/01/2019
|https://medium.com/@logicbomb_1/bugbounty-nasa-internal-user-and-project-details-are-out-2f2e3580421b
A NASA web app leaked details such as employee usernames, names, email addresses, and project names, ZDNet reported, citing bug hunter Avinash Jain.
The exposure originated from one of NASA's Jira installations, a web app that most companies use for tracking projects or internal bugs and issues.
“One of the biggest concerns of any company is ensuring that internal information is kept confidential and only available to specific individuals within and outside of an organization,” Jain’s report stated.
“There are a couple of settings in Jira that, when not configured properly, may disclose information about the application and its users and it can provide unauthorized access to some internal data of the companies to any other user over the internet. This information may aid an attacker in gaining access to the application,” the report added.