Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-29453 PoC — Atlassian Jira Server 和 Jira Data Center 路径遍历漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-29453.yaml
Associated Vulnerability
Title:Atlassian Jira Server 和 Jira Data Center 路径遍历漏洞 (CVE-2020-29453)
Description:Atlassian JIRA Server和Atlassian JIRA Data Center都是澳大利亚Atlassian公司的产品。Atlassian JIRA Server是一套缺陷跟踪管理系统的服务器版本。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。Atlassian JIRA Data Center是Atlassian JIRA的数据中心版本。 Jira Server and Jira Data Center 存在安全漏洞,攻击者可利用该漏洞通过错误的路径访问检查读取WEB-INF和ME
Description
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
File Snapshot

 id: CVE-2020-29453

info:
  name: Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.