来源

关联漏洞

描述

Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179

介绍

# CVE-2020-14179

Sensitive data exposure via `/secure/QueryComponent!Default.jspa` endpoint

- Priority: High
- Affects Version/s: 8.6.0 | 8.8.0 | 8.5.5 | 8.9.0 | 8.10.0 | 8.11.0

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the `/secure/QueryComponent!Default.jspa` endpoint. 

As my knowledge goes, 9.11.0, 9.7.1...  also affected 😂

## Overview of [CVE-2020-14179_Finder.sh](https://github.com/mrnazu/CVE-2020-14179/blob/main/CVE-2020-14179_Finder.sh)
CVE-2020-14179 Finder is a simple bash script designed to check if a target is vulnerable to the `CVE-2020-14179`. 

The script uses a specific HTTP request via `curl` to the `/secure/QueryComponent!Default.jspa` endpoint and analyzes the response to determine vulnerability.

## Features
- Sends a request to the specified endpoint `/secure/QueryComponent!Default.jspa`.
- Analyzes the response to determine vulnerability.
- Outputs color-coded results for easy identification.
- Stores request and response details in the "results" folder.

![image](https://github.com/mrnazu/CVE-2020-14179/assets/108541991/a7ef4116-a2cd-47ff-bc05-783e92bfa62c)

## Installation
1. Clone the repository:
- `git clone https://github.com/mrnazu/CVE-2020-14179.git`
2. Navigate to the script directory:
- `cd CVE-2020-14179`
3. Run the script:
- For a list of targets from a file: `./CVE-2020-14179_Finder.sh -l target.txt`
- For a single target URL: `./CVE-2020-14179_Finder.sh -u http://target.com/`

## Contributions
This script is provided for educational and research purposes only. Use it responsibly and only on systems you have permission to test.

文件快照

 [4.0K]  /data/pocs/de714c823cf2f6d923a358c2b0d80e00765012d9
├── [3.2K]  CVE-2020-14179_Finder.sh
└── [1.7K]  README.md

0 directories, 2 files

备注