A NASA server running Jira, an application used by the space agency to track internal bugs for apps and projects, was leaking sensitive information including staff usernames, names and project names last year. Bug hunter Avinash Jain detected and reported the issue in early September 2018, but NASA only fixed the problem over 3 weeks later, without notifying or thanking Jain.
The information being revealed by the leaky web app was not very detailed, but could be used by attackers to carry out highly targeted spear phishing attacks directed at NASA employees.
Read more: https://www.zdnet.com/article/nasa-internal-app-leaked-employee-emails-project-names/
