漏洞平台

POC详情： e0f317a4d3690818ec39fdb0fcc00d9fbdedee17

来源

https://github.com/0romos/CVE-2020-14179

关联漏洞

标题： Atlassian Jira 信息泄露漏洞 (CVE-2020-14179)
描述：Atlassian Jira是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。 Atlassian Jira 存在安全漏洞。该漏洞源于Jira Server and Data Center允许远程、未经身份验证的攻击者通过/secure/QueryComponent!Default中的一个信息泄露漏洞查看定制字段名和定制SLA名。以下是受影响的产品及版本：8.5.8版本之前，8.6.0版本至8.11.1版本。

描述

𓃌 - Atlassian Jira Information Disclosure SLA & Field names

介绍

# Exploit Script Utility


![GitHub](https://img.shields.io/github/license/0romos/CVE-2020-14179)
![GitHub last commit](https://img.shields.io/github/last-commit/0romos/CVE-2020-14179)

## Overview

This repository contains a Python script designed to exploit CVE-2020-14179, a vulnerability affecting Atlassian Jira Server and Data Center versions prior to 8.5.8 and from 8.6.0 to 8.11.1. The vulnerability allows remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the `/secure/QueryComponent!Default.jspa` endpoint.

The script sends HTTP requests to a specified URL or a list of URLs and checks if the target is vulnerable to CVE-2020-14179 by analyzing the response for specific searchers.

## CVE-2020-14179


- **Published**: 2020-09-21
- **CVE ID**: CVE-2020-14179
- **Impact**: Sensitive Information Disclosure
- **Affected Versions**:
  - Atlassian Jira Server and Data Center versions before 8.5.8
  - Atlassian Jira Server and Data Center versions from 8.6.0 to 8.11.1

## Usage

### Prerequisites

- Python 3.x
- Required Python packages (install using `pip install -r requirements.txt`)

### Running the Script

#### Single URL

```bash
python3 main.py --url <target_url>
```

#### Multiple URLs (from a file)

```bash
python3 main.py --list <file_path>
```

#### Options

- `--dump`: Save the response data(json) for further analysis.

## Fixes

To mitigate the vulnerability, it is recommended to update Atlassian Jira Server and Data Center to version 8.5.8 or later. Additionally, users should follow security best practices and regularly update their software to protect against known vulnerabilities.

## License

This project is licensed under the [MIT License](LICENSE).

文件快照


 [4.0K]  /data/pocs/e0f317a4d3690818ec39fdb0fcc00d9fbdedee17
├── [1.0K]  LICENSE
├── [1.7K]  README.md
└── [4.0K]  src
    ├── [7.9K]  main.py
    └── [  25]  requirements.txt

1 directory, 4 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。