Ninja privilege escalation detection and prevention system version 0.1.3 suffers from a race condition vulnerability.
0c04f125429ae3d5bf78e45cae4f47cf93b72213a6ec0a6ae100e2ab1807e2e3
This is a metasploit exploit for Jira Scriptrunner version 2.0.7. This Jira plugin does not use the built in Jira protections (websudo or CSRF tokens) to protect the page from CSRF. This page is supposed to be used by admins to automate tasks, it will accept java code and by default in a windows environment Jira will be run as system.
f7e10861901a1d9665e685842d12a026c5ffc0c56dbc38b827eb7b239eef52e1