From 1b0683e4a365db215ae168aa8bee7bc4633cbf9f Mon Sep 17 00:00:00 2001
From: Techbrunch
Date: Mon, 6 Jul 2020 18:03:33 +0200
Subject: [PATCH 1/2] Create jira-unauthenticated-projects.yaml

If public sharing is ON it allows users to share projects with all users including those that are not logged in. Those projects could reveal potentially sensitive information.
---
 .../jira-unauthenticated-projects.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 security-misconfiguration/jira-unauthenticated-projects.yaml

diff --git a/security-misconfiguration/jira-unauthenticated-projects.yaml b/security-misconfiguration/jira-unauthenticated-projects.yaml
new file mode 100644
index 0000000000..79fc040db8
--- /dev/null
+++ b/security-misconfiguration/jira-unauthenticated-projects.yaml
@@ -0,0 +1,18 @@
+id: jira-unauthenticated-projects
+
+info:
+  name: Jira Unauthenticated Projects
+  author: TechbrunchFR
+  severity: Info
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/rest/api/2/project?maxResults=100"
+    matchers:
+      - type: word
+        words:
+          - 'projects'
+          - 'startAt'
+          - 'maxResults'
+        condition: and

From e2373db4187207b28b0bb7e1079b3585e672e6b2 Mon Sep 17 00:00:00 2001
From: bauthard <8293321+bauthard@users.noreply.github.com>
Date: Mon, 6 Jul 2020 22:30:26 +0530
Subject: [PATCH 2/2] Update jira-unauthenticated-projects.yaml

---
 security-misconfiguration/jira-unauthenticated-projects.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security-misconfiguration/jira-unauthenticated-projects.yaml b/security-misconfiguration/jira-unauthenticated-projects.yaml
index 79fc040db8..2cb3a52bf7 100644
--- a/security-misconfiguration/jira-unauthenticated-projects.yaml
+++ b/security-misconfiguration/jira-unauthenticated-projects.yaml
@@ -4,8 +4,8 @@ info:
   name: Jira Unauthenticated Projects
   author: TechbrunchFR
   severity: Info
-
-requests:
+
+requests:
   - method: GET
     path:
       - "{{BaseURL}}/rest/api/2/project?maxResults=100"
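Review bot: The only matcher in the new template is a word match on `projects`, `startAt` and `maxResults`, with no status or content-type check, so a login page, redirect target or error body that happens to mention those generic words will be reported as an unauthenticated project listing; add `matchers-condition: and` under the request and a second matcher `- type: status` with `status: [200]` so the word match only counts on a successful API response. It is also unclear from the hunk that an empty result set is excluded — a paginated response with no visible projects presumably still carries `startAt` and `maxResults`, so the finding should be read as "endpoint reachable without auth" rather than "projects exposed" unless a reviewer confirms the body shape. The rationale given in the commit message (public sharing allowing non-logged-in users to see shared projects) belongs in the template itself as `description:` under `info`, together with a `tags:` entry such as `jira,misconfig`, since that is what an operator reads when triaging the hit.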