CVE-2022-39960 PoC — Atlassian Jira 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-39960.yaml

Associated Vulnerability

Title:Atlassian Jira 安全漏洞 (CVE-2022-39960)
Description:Atlassian Jira是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。 Atlassian Jira Netic Group Export 1.0.3之前版本存在安全漏洞，该漏洞源于不执行授权检查。这可能允许未经身份验证的用户通过向plugins/servlet/groupexportforjira/admin/ URI发出groupexport_download=true请求，从Jira实例中导出所有组。

Description

Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.

File Snapshot


 id: CVE-2022-39960

info:
  name: Jira Netic Group Export <1.0.3 - Missing Authorization
  author: F

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!