CVE-2019-8449 PoC — Atlassian Jira 访问控制错误漏洞

Source

https://github.com/r0lh/CVE-2019-8449

Associated Vulnerability

Title:Atlassian Jira 访问控制错误漏洞 (CVE-2019-8449)
Description:Atlassian Jira是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。 Atlassian Jira 8.4.0之前版本中的/rest/api/latest/groupuserpicker资源存在访问控制错误漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。

Description

User Enumeration Proof Of Concept Exploit for CVE-2019-8449

Readme

# CVE-2019-8449

Proof Of Concept Exploit for CVE-2019-8449

Jira < 8.4.0

User Enumeration

Detail: https://www.cvedetails.com/cve/CVE-2019-8449/

Usage
$ go run CVE-2019-8449.go -f USERFILE.txt -p 8080 -u example.com

File Snapshot


 [4.0K]  /data/pocs/7b8e4fe997e4b8ddac5a55aac914ba5aca8084de
├── [2.4K]  CVE-2019-8449.go
└── [ 219]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!