Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
View the template here CVE-2022-39960.yaml
References:
https://gist.github.com/CveCt0r/ca8c6e46f536e9ae69fc6061f132463e