CVE-2020-14181 PoC — Atlassian Jira 信息泄露漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-14181.yaml

Associated Vulnerability

Title:Atlassian Jira 信息泄露漏洞 (CVE-2020-14181)
Description:Atlassian Jira是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。 Atlassian Jira Server and Data Center 7.13.6版本之前存在安全漏洞，攻击者可利用该漏洞枚举用户信息。

Description

Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the /ViewUserHover.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. Affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.

File Snapshot


 id: CVE-2020-14181

info:
  name: Jira Server and Data Center - Information Disclosure
  author: bjh

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!