Skip to content
Nuclei Templates

Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization

ID: CVE-2019-3401

Severity: medium

Author: TechbrunchFR,milo2012

Tags: cve,cve2019,jira,atlassian,exposure

Description

Section titled “Description”

Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.

YAML Source

Section titled “YAML Source”
id: CVE-2019-3401


info:
  name: Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
  author: TechbrunchFR,milo2012
  severity: medium
  description: Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.
  impact: |
    The vulnerability allows unauthorized users to access sensitive information or perform unauthorized actions.
  remediation: Ensure this permission is restricted to specific groups that require it via Administration > System > Global Permissions. Turning the feature off will not affect existing filters and dashboards. If you change this setting, you will still need to update the existing filters and dashboards if they have already been shared publicly. Since Jira 7.2.10, a dark feature to disable site-wide anonymous access was introduced.
  reference:
    - https://jira.atlassian.com/browse/JRASERVER-69244
    - https://nvd.nist.gov/vuln/detail/CVE-2019-3401
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2019-3401
    cwe-id: CWE-863
    epss-score: 0.0055
    epss-percentile: 0.7504
    cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: atlassian
    product: jira
    shodan-query:
      - http.component:"Atlassian Jira"
      - http.component:"atlassian jira"
      - http.component:"atlassian confluence"
      - cpe:"cpe:2.3:a:atlassian:jira"
  tags: cve,cve2019,jira,atlassian,exposure


http:
  - method: GET
    path:
      - "{{BaseURL}}/secure/ManageFilters.jspa?filter=popular&filterView=popular"


    matchers:
      - type: word
        words:
          - '<span data-filter-field="owner-full-name">'
          - '<title>Manage Filters - Jira</title>'
        condition: and


# Remediation:
# Ensure that this permission is restricted to specific groups that require it.
# You can restrict it in Administration > System > Global Permissions.
# Turning the feature off will not affect existing filters and dashboards.
# If you change this setting, you will still need to update the existing filters and dashboards if they have already been
# shared publicly.
# Since Jira 7.2.10, a dark feature to disable site-wide anonymous access was introduced.
# digest: 490a00463044022079f8831b490e4abe0427478b4aa6f4844876a95407791faa0f39e78a117a4e7302204eebeb03b5954c142734a5d6e80ff7ad9fb34c7a065b5869eb5b439f1ec9e192:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-3401.yaml"

View on Github