CVE-2020-36289 PoC — Atlassian JIRA Server 和 Atlassian JIRA Data Center 信息泄露漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-36289.yaml

Associated Vulnerability

Title:Atlassian JIRA Server 和 Atlassian JIRA Data Center 信息泄露漏洞 (CVE-2020-36289)
Description:Atlassian JIRA Server和Atlassian JIRA Data Center都是澳大利亚Atlassian公司的产品。Atlassian JIRA Server是一套缺陷跟踪管理系统的服务器版本。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。Atlassian JIRA Data Center是Atlassian JIRA的数据中心版本。 Atlassian Jira Server and Data Center存在安全漏洞。攻击者可以利用该漏洞枚举用户。

Description

Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the QueryComponentRendererValue!Default.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations, Affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.

File Snapshot


 id: CVE-2020-36289

info:
  name: Jira Server and Data Center - Information Disclosure
  author: dhi

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!