Jira 8.5.8 & 8.6.0 - 8.11.1 unauthorized view of SLA fields.# Exploit Script Utility
## Overview
This repository contains a Python script designed to exploit CVE-2020-14179, a vulnerability affecting Atlassian Jira Server and Data Center versions prior to 8.5.8 and from 8.6.0 to 8.11.1. The vulnerability allows remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the `/secure/QueryComponent!Default.jspa` endpoint.
The script sends HTTP requests to a specified URL or a list of URLs and checks if the target is vulnerable to CVE-2020-14179 by analyzing the response for specific searchers.
## CVE-2020-14179
- **Published**: 2020-09-21
- **CVE ID**: CVE-2020-14179
- **Impact**: Sensitive Information Disclosure
- **Affected Versions**:
- Atlassian Jira Server and Data Center versions before 8.5.8
- Atlassian Jira Server and Data Center versions from 8.6.0 to 8.11.1
## Usage
### Prerequisites
- Python 3.x
- Required Python packages (install using `pip install -r requirements.txt`)
### Running the Script
#### Single URL
```bash
python3 main.py --url <target_url>
```
#### Multiple URLs (from a file)
```bash
python3 main.py --list <file_path>
```
#### Options
- `--dump`: Save the response data(json) for further analysis.
## Fixes
To mitigate the vulnerability, it is recommended to update Atlassian Jira Server and Data Center to version 8.5.8 or later. Additionally, users should follow security best practices and regularly update their software to protect against known vulnerabilities.
## License
This project is licensed under the [MIT License](LICENSE).
[4.0K] /data/pocs/4e92af27d7a1aac25662a49d15898c5074b31154
├── [1.1K] LICENSE
├── [1.8K] README.md
└── [4.0K] src
├── [8.2K] main.py
└── [ 28] requirements.txt
1 directory, 4 files