A misconfigured Jira dashboard was found to be publicly accessible without authentication. This allowed any unauthenticated user to access internal project names, issue titles, usernames, and sometimes ticket descriptions or comments. Anyone can access this internal service portal via ENDPOINT and request access to Jira services. The support portal is supposed to cover various topics, such as HR, developer operations, and data and privacy requests, and should not be publicly accessible.

Steps to reproduce:
1. Go to https://koinly.atlassian.net/servicedesk/customer/user/login
2. Enter any email you have access to and click on the sign-up.
3. A link from the service helpdesk for the further signup process is delivered to the mailbox.
4. Click the link and proceed to create credentials for logging in to Jira.

Impact Summary: Jira misconfiguration leading to a publicly accessible service desk.
Create requests for an internal team without being a part of the company.
Anyone can raise a ticket to the internal teams and ask for certain access, an account or reimbursement.
Request access and support for VPN, Google group membership permissions, hardware and software access.
Information Disclosure: Attackers can see issue titles and summaries, which may include sensitive or confidential data (e.g., "Credentials Hardcoded in Git", "Production DB Down").
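
A defender-side check for the exposure described above, added here as an example and not part of the original report: it audits an export of portal customers and requests for self-registered accounts outside the company and the internal-topic requests they raised. The record layout, the `origin` field, the request keys and the `corp.example` domain are constructed assumptions, not Jira's export format.

```python
# Added example: audit a service desk customer/request export for outsiders.
# Record layout, field names and domains are constructed assumptions.
CORPORATE_DOMAINS = {"corp.example"}  # placeholder, not taken from the report
INTERNAL_CATEGORIES = {"HR", "Developer operations", "Data and privacy"}


def email_domain(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    address = address.strip()
    local, sep, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or not domain or " " in address:
        return None
    return domain


def is_corporate(address):
    """Exact or true-subdomain match only; 'notcorp.example' must not pass."""
    domain = email_domain(address)
    if domain is None:
        return False
    return any(domain == d or domain.endswith("." + d) for d in CORPORATE_DOMAINS)


def audit(customers, requests):
    """Flag self-registered outsiders and the internal requests they raised."""
    outsiders = {c["email"].lower() for c in customers
                 if c["origin"] == "self-signup" and not is_corporate(c["email"])}
    flagged = [r["key"] for r in requests
               if r["reporter"].lower() in outsiders
               and r["category"] in INTERNAL_CATEGORIES]
    return sorted(outsiders), flagged


# Constructed sample data.
CUSTOMERS = [
    {"email": "alice@corp.example", "origin": "invited"},
    {"email": "Bob@eu.corp.example", "origin": "self-signup"},
    {"email": "mallory@notcorp.example", "origin": "self-signup"},
    {"email": "eve@corp.example.mail.test", "origin": "self-signup"},
    {"email": "broken-address", "origin": "self-signup"},
]
REQUESTS = [
    {"key": "HELP-1", "reporter": "alice@corp.example", "category": "HR"},
    {"key": "HELP-2", "reporter": "mallory@notcorp.example", "category": "Developer operations"},
    {"key": "HELP-3", "reporter": "Eve@corp.example.mail.test", "category": "Data and privacy"},
    {"key": "HELP-4", "reporter": "mallory@notcorp.example", "category": "General"},
]

if __name__ == "__main__":
    print(audit(CUSTOMERS, REQUESTS))
```

The domain check compares on a label boundary, so lookalike domains that merely end in or begin with the corporate name are still reported as external.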