U.S. Dept Of Defense: [███████] Information disclosure due to unauthenticated access to APIs and system browser functions
News category: Security vulnerabilities
Source: vulners.com
Description

Multiple information exposure vulnerabilities were identified in a Jira Server instance (unauthenticated access to APIs and system browser functions). This report describes a combination of two separate vulnerabilities in two separate services. This chain of vulnerabilities allows an unauthenticated attacker to run arbitrary code on a server inside the company's internal network. The vulnerability is registered as JRASERVER-73060.

References

https://jira.atlassian.com/browse/JRASERVER-73060
https://nvd.nist.gov/vuln/detail/CVE-2020-14179

Impact

Unauthorised access to data that should not be visible: project categories, resolutions, and usernames are listed even when the API request is not authenticated.

System Host(s)

██████

Affected Product(s) and Version(s)

CVE Numbers

CVE-2020-14179

Steps to Reproduce

Navigate to the target in scope, https://█████████/secure/JiraCreditsPage!default.jspa, which reveals a sensitive Jira directory. Then send a curl request to the ?maxResults=1000 endpoint, as shown below; in the request, point the Host header at the server address you want to send the request to.

Here is the HTTP request that triggers the issue:

    GET /rest/menu/latest/admin HTTP/1.1
    Host: ███
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
    sec-ch-ua-platform: "Mac OS"
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors

Affected URLs:

* https://██████/secure/JiraCreditsPage!default.jspa
* https://███████/rest/menu/latest/admin?maxResults=1000

Suggested... ...
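The exposure above shows up in web-server logs as anonymous requests that receive HTTP 200 from the two endpoints named in the report. The following detection script is an added example, not part of the report; it assumes the Jira front end writes a Tomcat/Apache "combined" access log whose third field is the authenticated user ("-" for anonymous), and the log lines it scans are constructed, not real traffic.

```python
import re

# Endpoints named in the report. Anonymous 200 responses from them are the
# symptom of the CVE-2020-14179 exposure. (Added example, not the reporter's code.)
SENSITIVE_PATHS = frozenset({
    "/rest/menu/latest/admin",
    "/secure/JiraCreditsPage!default.jspa",
})

# Assumed combined access-log layout: the third field is the authenticated
# user and is "-" when the request carried no valid session.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Return a dict of fields, or None for lines that do not match the layout."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop ?maxResults=... etc.
    return rec

def is_unauth_exposure(rec):
    """True when a sensitive endpoint answered 200 to an anonymous request."""
    return (rec["user"] == "-" and rec["path"] in SENSITIVE_PATHS
            and rec["status"] == 200)

def find_exposures(lines):
    """Scan log lines; return (ip, timestamp, path) for each anonymous hit."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_unauth_exposure(rec):
            hits.append((rec["ip"], rec["ts"], rec["path"]))
    return hits

# Constructed sample log lines (not real traffic). Line 2 is an authenticated
# user and line 4 is a patched instance answering 401; neither should be flagged.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Sep/2020:10:00:01 +0000] "GET /rest/menu/latest/admin?maxResults=1000 HTTP/1.1" 200 4096 "-" "curl/7.64.1"',
    '203.0.113.5 - jdoe [01/Sep/2020:10:00:05 +0000] "GET /rest/menu/latest/admin HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Sep/2020:10:00:09 +0000] "GET /secure/JiraCreditsPage!default.jspa HTTP/1.1" 200 2048 "-" "curl/7.64.1"',
    '198.51.100.7 - - [01/Sep/2020:10:00:12 +0000] "GET /rest/menu/latest/admin HTTP/1.1" 401 0 "-" "curl/7.64.1"',
    'garbage line that does not parse',
]
```

Running find_exposures(SAMPLE_LOG) returns the two anonymous hits from 198.51.100.7 and nothing else; feed it the real access log to confirm whether an instance was exposed before patching.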