While doing my own research recently, I discovered exposed Jira dashboards for several companies. While there is no guarantee that those companies own those dashboards, it is a reasonably safe assumption to make.
Brown Thomas also had exposed filters and dashboard names:
Since you can't actually click into the projects, this kind of misconfiguration doesn't have a huge impact. However, it does still leak information such as the names of ongoing projects, the filters they have added to Jira, and so on. It is sensitive information. In the above examples, there are instances of employee names being present in the project titles.
Nonetheless, it is fun to find, and you can even view a list of users in some cases. I found most of these dashboards (the latter 10, in fact) on the same night, in about two hours. Some of these companies (Circle K, Teradata, SanDisk for example) are huge names. It's worth noting that most of these dashboards are vulnerable to CVE-2020-14179, which leaks a little bit more information.
My DuckDuckGo XSS has 14 days remaining until I can disclose it, and I'm really looking forward to sharing that.