CVE‐2019‐3401 - carnal0wnage/J-PWN GitHub Wiki

CVE-2019-3401

Category [Info Disclosure]

[CG] This page is always a 200 but doesn't always have shared content. Added a check to look for "Shared With" for a true positive.

module name: check_cve_2019_3401

url: /secure/ManageFilters.jspa?filterView=search&Search=Search&filterView=search&sortColumn=favcount&sortAscending=false

Popular Filters

/secure/ManageFilters.jspa?filterView=search&Search=Search&filterView=search&sortColumn=favcount&sortAscending=false

Open Project Filter

INFO: Checking for CVE-2019-3401 Unauthenticated Popular Filters with Shared Content
[-] Not Vulnerable to CVE-2019-3401 | No Shared Popular Filters found
+ CVE-2019-3401 Unauthenticated Popular Filter with Shared Content [Manually Inspect] 
  URL: http://JIRA/secure/ManageFilters.jspa?filterView=search&Search=Search&filterView=search&sortColumn=favcount&sortAscending=false
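The true-positive logic from the [CG] note, as an added example for triaging a response saved from your own instance (this is not J-PWN's code). The names `triage` and `DataRows`, the case-insensitive match, and the sample HTML are assumptions; the sample bodies are constructed and are not real Jira markup.

```python
from html.parser import HTMLParser

MARKER = "shared with"  # the page's "Shared With" marker, lower-cased for matching

class DataRows(HTMLParser):
    """Collect the visible text of each table row that has <td> cells."""
    def __init__(self):
        super().__init__()
        self.rows, self._cells, self._is_data = [], None, False

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._cells, self._is_data = [], False
        elif tag == "td":
            self._is_data = True

    def handle_data(self, data):
        if self._cells is not None and data.strip():
            self._cells.append(data.strip())

    def handle_endtag(self, tag):
        if tag == "tr" and self._cells is not None:
            if self._is_data:  # skip header-only rows
                self.rows.append(" | ".join(self._cells))
            self._cells = None

def triage(status, body):
    """Return (verdict, rows_to_review) for a ManageFilters.jspa response."""
    if status != 200:
        return ("inconclusive", [])    # the note says this page is always a 200
    if MARKER not in body.lower():
        return ("not_vulnerable", [])  # 200 without shared content: the false-positive case
    parser = DataRows()
    parser.feed(body)
    return ("manual_inspect", parser.rows)

# Constructed sample bodies (hypothetical markup, for illustration only).
EMPTY_PAGE = "<html><body><h1>Search Filters</h1><p>No results.</p></body></html>"
SHARED_PAGE = """<table>
<tr><th>Name</th><th>Owner</th><th>Shared With</th></tr>
<tr><td>Release blockers</td><td>alice</td><td>Shared with all users</td></tr>
</table>"""

if __name__ == "__main__":
    for name, body in (("empty", EMPTY_PAGE), ("shared", SHARED_PAGE)):
        print(name, triage(200, body))
```

Each returned row is a candidate for the permission review described under Resolution.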

From: https://hackerone.com/reports/139970

Issue

The issue with NewRelic’s account is a bit similar to http://www.geek.com/games/valve-has-56-people-working-on-half-life-3-1572498/. It occurs because of a wrong permissions scheme and leads to a leak of some sensitive data. Whether or not the user is logged in to the JIRA application, he is able to see all shared filters and dashboards. Basically, the instance is externally exposed to non-logged-in users.

Leaks of the following internal information were detected:

employees' roles, upcoming milestones, secret project and features through JIRA filters / dashboards

Please use the URLs below to review these leaks:

https://newrelic.atlassian.net/secure/ConfigurePortalPages!default.jspa?view=popular
https://newrelic.atlassian.net/secure/ManageFilters.jspa?filterView=search&Search=Search&filterView=search&sortColumn=favcount&sortAscending=false

Resolution

Analyze each specific Filter or Dashboard shared with everyone by looking for “Shared with all users”, in the “Manage Filters” and “Manage Dashboards” sections, and grant permissions to specific groups.