๐ U.S. Dept Of Defense: [โโโโโโโโโ] Information disclosure due unauthenticated access to APIs and system browser functions
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: vulners.com
Description: Multiple information exposure vulnerabilites were identified in a Jira Server instance (unauthenticated access to APIs and system browser functions). This report describes a combination of two separate vulnerabilities in two separate services This chain of vulnerabilities allows unauthenticated attacker to run arbitrary code on a server inside the company's internal network. the vulnerable registered as references JRASERVER-73060 References https://jira.atlassian.com/browse/JRASERVER-73060 https://nvd.nist.gov/vuln/detail/CVE-2020-14179 Impact Unauthorised access and the data should not be visible. Project categories, resolutions, and usernames are listed even if the API is not authenticated System Host(s) โโโโโโโ Affected Product(s) and Version(s) โโโโโโโโโโ CVE Numbers CVE-2020-14179 Steps to Reproduce Steps to Reproduce Navigate visit the target scope is https://โโโโโโโโโโ/secure/JiraCreditsPage!default.jspa And now we found a directory is jira sensitive Lets send a curl request to the ?maxResults=1000 endpoint, as shown below. In the request, point the post request to the server address you want to send the request to: Here's the HTTP Parameter request that the issue: GET /rest/menu/latest/admin HTTP/1.1 Host: โโโโโโโโโโ Connection: keep-alive Pragma: no-cache Cache-Control: no-cache sec-ch-ua-platform: "Mac OS" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors * https://โโโโ/secure/JiraCreditsPage!default.jspa *... ...