CVE-2019-8449 PoC — Atlassian Jira 访问控制错误漏洞

Source

https://github.com/mufeedvh/CVE-2019-8449

Associated Vulnerability

Title:Atlassian Jira 访问控制错误漏洞 (CVE-2019-8449)
Description:Atlassian Jira是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。 Atlassian Jira 8.4.0之前版本中的/rest/api/latest/groupuserpicker资源存在访问控制错误漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。

Description

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

Readme

# CVE-2019-8449
CVE-2019-8449 Exploit for Jira Releases Below v8.3.4
<br><br>
<b>CVSS Score:</b> 5.0
<br>
<b>Vulnerability Type(s):</b> Information Disclosure
<br>
<b>Authentication:</b> Not Required
<br>
<b>Affected Versions:</b>  2.1 - 8.3.4
<br>
<b>Publish Date:</b> 2019-09-11
<br>
<b>Exploit-DB:</b> https://www.exploit-db.com/exploits/47990

# Description
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

# Usage
    python CVE-2019-8449.py

# Links
* https://jira.atlassian.com/browse/JRASERVER-69796
* https://nvd.nist.gov/vuln/detail/CVE-2019-8449
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8449
* https://www.cvedetails.com/cve/CVE-2019-8449/

File Snapshot


 [4.0K]  /data/pocs/9c77e0502e7e5c97df513641212ab15fb5ee7922
├── [3.3K]  CVE-2019-8449.py
└── [ 787]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!