Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179# CVE-2020-14179
Sensitive data exposure via `/secure/QueryComponent!Default.jspa` endpoint
- Priority: High
- Affects Version/s: 8.6.0 | 8.8.0 | 8.5.5 | 8.9.0 | 8.10.0 | 8.11.0
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the `/secure/QueryComponent!Default.jspa` endpoint.
As my knowledge goes, 9.11.0, 9.7.1... also affected 😂
## Overview of [CVE-2020-14179_Finder.sh](https://github.com/mrnazu/CVE-2020-14179/blob/main/CVE-2020-14179_Finder.sh)
CVE-2020-14179 Finder is a simple bash script designed to check if a target is vulnerable to the `CVE-2020-14179`.
The script uses a specific HTTP request via `curl` to the `/secure/QueryComponent!Default.jspa` endpoint and analyzes the response to determine vulnerability.
## Features
- Sends a request to the specified endpoint `/secure/QueryComponent!Default.jspa`.
- Analyzes the response to determine vulnerability.
- Outputs color-coded results for easy identification.
- Stores request and response details in the "results" folder.
## Installation
1. Clone the repository:
- `git clone https://github.com/mrnazu/CVE-2020-14179.git`
2. Navigate to the script directory:
- `cd CVE-2020-14179`
3. Run the script:
- For a list of targets from a file: `./CVE-2020-14179_Finder.sh -l target.txt`
- For a single target URL: `./CVE-2020-14179_Finder.sh -u http://target.com/`
## Contributions
This script is provided for educational and research purposes only. Use it responsibly and only on systems you have permission to test.
[4.0K] /data/pocs/de714c823cf2f6d923a358c2b0d80e00765012d9
├── [3.2K] CVE-2020-14179_Finder.sh
└── [1.7K] README.md
0 directories, 2 files