Report

Atlassian Jira authentication credentials were found publicly exposed on GitHub, allowing potential unauthorized access to internal data and privilege escalation. The credentials were located in a specific repository and are likely valid as they were added recently. This exposure poses risks including data leaks, compliance violations, and damage to reputation.

Uploaded by

elraeybasel

Hi team,

Hope you are doing well.

Summary:
A set of Atlassian Jira auth credentials was found publicly exposed on GitHub in a
repository related to https://epam.atlassian.net. These credentials could allow an
attacker to log into the system, access internal data, and escalate privileges.

Steps To Reproduce:
1- Navigate to:
https://github.com/Touheedk946/HomeWork/blob/a3781fb5083f20c49b7ea304c0246a5066f849c1/Epam/Jira_Test/src/main/java/com/example/jira/Main.java#L12

2- Notice that the credentials are leaked at Line 12:

// Jira Base URL and Authentication Credentials
String baseUrl = "https://epam.atlassian.net";
String username = "[email protected]";
String password = "bt5019DPa2#YU";

I stopped testing here, as there is a big success rate that those creds are correct,
as they were added only one month ago.

Impact:
Unauthorized Access: Attackers can log in using the exposed credentials, leading to
ATO.
Data Exposure: Potential access to sensitive internal data.
Privilege Escalation: If the user has admin privileges, an attacker could gain full
control.
Reputation Damage: Public exposure could lead to data leaks, compliance violations,
and trust issues.
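
The pattern reported above (a string literal assigned to a password variable in Java source) is something a pre-commit or CI check can catch before it reaches a public repository. The following is an added example, not part of the original report or of any project it mentions; the regex, the placeholder list and the sample source are assumptions constructed for illustration, and the sample values are fake.

```python
import re

# A Java string literal assigned to a credential-like variable name.
HARDCODED = re.compile(
    r'\b(?:String|var)\s+'
    r'(?P<name>\w*(?:password|passwd|pwd|secret|token|apikey)\w*)'
    r'\s*=\s*"(?P<value>(?:[^"\\]|\\.)*)"',
    re.IGNORECASE,
)
# Obvious dummy values that are not worth an alert (assumed list).
PLACEHOLDERS = {"", "changeme", "password", "xxx"}


def redact(value):
    """Report only the length so the finding never re-leaks the secret."""
    return f"<{len(value)} chars redacted>"


def scan_java(source, path="<memory>"):
    """Return one finding per hardcoded credential literal in Java source."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("//", "*", "/*")):
            continue  # skip comment lines; a trailing comment is still scanned
        for m in HARDCODED.finditer(line):
            if m.group("value").lower() in PLACEHOLDERS:
                continue
            findings.append({"path": path, "line": lineno,
                             "name": m.group("name"),
                             "value": redact(m.group("value"))})
    return findings


# Constructed sample: same shape as the snippet in the report, fake values.
SAMPLE = '''\
public class Main {
    // Jira Base URL and Authentication Credentials
    String baseUrl = "https://jira.example.invalid";
    String username = "user@example.invalid";
    String password = "CONSTRUCTED-not-a-real-secret";
    String apiToken = System.getenv("JIRA_API_TOKEN");
    // String oldPassword = "commented-out";
    String dbPassword = "changeme";
}
'''

if __name__ == "__main__":
    for f in scan_java(SAMPLE, "Main.java"):
        print(f"{f['path']}:{f['line']}: {f['name']} = {f['value']}")
```

The `apiToken` line is not flagged because it reads the value from the environment at runtime, which is the form the hardcoded assignment should be changed to after the exposed credential has been rotated.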
