From 08a6342a999f34a7bf30db8a8474b465bf36dc8f Mon Sep 17 00:00:00 2001 From: N7WEra <59871507+N7WEra@users.noreply.github.com> Date: Mon, 11 Dec 2023 14:25:00 +0000 Subject: [PATCH] Update page to reflect changes in the API --- network-services-pentesting/pentesting-web/jira.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/network-services-pentesting/pentesting-web/jira.md b/network-services-pentesting/pentesting-web/jira.md index c3582476..70f5d160 100644 --- a/network-services-pentesting/pentesting-web/jira.md +++ b/network-services-pentesting/pentesting-web/jira.md @@ -23,6 +23,15 @@ Inside a Jira instance **any user** (even **non-authenticated**) can **check its If a **non-authenticated** user have any **privilege**, this is a **vulnerability** (bounty?).\ If an **authenticated** user have any **unexpected privilege**, this a a **vuln**. +Update: As of 18th September 2023 - the 'mypermissions' endpoint requires a 'permission' parameter with one of the following parameters +[https://developer.atlassian.com/cloud/jira/platform/change-notice-get-my-permissions-requires-permissions-query-parameter/#change-notice---get-my-permissions-resource-will-require-a-permissions-query-parameter](https://developer.atlassian.com/cloud/jira/platform/change-notice-get-my-permissions-requires-permissions-query-parameter/#change-notice---get-my-permissions-resource-will-require-a-permissions-query-parameter) +- BROWSE_PROJECTS +- CREATE_ISSUES +- ADMINISTER_PROJECTS + +Example: `https://your-domain.atlassian.net/rest/api/2/mypermissions?permissions=BROWSE_PROJECTS,CREATE_ISSUES,ADMINISTER_PROJECTS` + + ```bash #Check non-authenticated privileges curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"havePermission": true'
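Review bot: The added note names the required query parameter as 'permission' while the example URL on the next added lines uses `permissions=` (plural); the example matches the linked change notice, so the prose should read "requires a 'permissions' query parameter" so readers do not copy the wrong name. In the same hunk, the list is introduced as "one of the following parameters" but the example passes all three comma-separated, so "a comma-separated list of permissions, for example:" would describe it accurately. The unchanged context that follows the hunk still runs `curl https://jira.some.example.com/rest/api/2/mypermissions` with no `permissions` parameter, so the "Check non-authenticated privileges" command that the note is meant to fix will keep failing on instances affected by this change; either append `?permissions=BROWSE_PROJECTS,CREATE_ISSUES,ADMINISTER_PROJECTS` to that curl (and to any other `mypermissions` calls below it) or state in the note that the commands must be adjusted. Since the linked notice lives under developer.atlassian.com/cloud/jira/platform, it would also help to say that the new requirement applies to Jira Cloud, as the page's examples use a self-hosted-looking hostname. Finally, the two blank `+` lines before the code fence add a double blank line; one is enough.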