References | Methodology | Notes - carnal0wnage/J-PWN GitHub Wiki

References | Methodology | Notes

Methodology

Currently, j-pwn runs the unauthenticated checks first, then the CVE checks.

Rough Hacking Outline

  • Get the version
  • Look for signup for Service Desk and Jira
  • If there is no signup, search for unauthenticated info disclosure
  • Then look for vulnerabilities

API Docs

Server API

https://docs.atlassian.com/software/jira/docs/api/REST/

https://docs.atlassian.com/software/jira/docs/api/REST/1000.1000.0/

Cloud API v3

https://developer.atlassian.com/cloud/jira/platform/rest/v3/intro/#version

Cloud API v2

https://developer.atlassian.com/cloud/jira/platform/rest/v2/intro/#version

Notes

Issues

https://JIRASERVER/issues/{issueID}

https://JIRASERVER/rest/api/2/issue/{issueID}/?fields=comment

https://JIRASERVER/rest/api/2/issue/{issueID}/?fields=attachment

https://JIRASERVER/rest/api/2/issue/{issueID}/?fields=assignee

https://JIRASERVER/rest/api/2/issue/{issueID}/?fields=watchers

Projects

https://JIRASERVER/jira/rest/api/2/project <-- lists projects

https://JIRASERVER/jira/rest/api/2/user/assignable/multiProjectSearch?projectKeys=AW <-- an API call to validate projects

ref: https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-user-search/#api-group-user-search

Another API call to validate projects

https://JIRASERVER/jira/rest/api/2/projectvalidate/key?key=AZ
{"errorMessages":[],"errors":{}}
https://JIRASERVER/jira/rest/api/2/projectvalidate/key?key=AW
{"errorMessages":[],"errors":{"projectKey":"Project 'Aldo Wolf' uses this project key."}}
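A defender-side check for the projectvalidate behaviour noted above, added here as an example and not part of J-PWN or the original wiki: it flags anonymous clients that probe many distinct keys against that endpoint. The log layout, the sample lines, the threshold and the name find_key_enumeration are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in an assumed common-log layout (not real Jira logs).
# Third field is the authenticated user, "-" when the request was anonymous.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /jira/rest/api/2/projectvalidate/key?key=AA HTTP/1.1" 200 32
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /jira/rest/api/2/projectvalidate/key?key=AB HTTP/1.1" 200 32
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /jira/rest/api/2/projectvalidate/key?key=ab HTTP/1.1" 200 32
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /jira/rest/api/2/projectvalidate/key?key=AW HTTP/1.1" 200 88
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /rest/api/2/projectvalidate/key?key=AZ HTTP/1.1" 200 32
198.51.100.4 - alice [01/Jan/2024:10:05:00 +0000] "GET /jira/rest/api/2/projectvalidate/key?key=AW HTTP/1.1" 200 88
192.0.2.10 - - [01/Jan/2024:10:06:00 +0000] "GET /jira/rest/api/2/project HTTP/1.1" 200 512
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
VALIDATE_PATH = "/rest/api/2/projectvalidate/key"


def find_key_enumeration(log_text, min_distinct_keys=3):
    """Map each anonymous client to the distinct project keys it probed,
    keeping only clients that reached min_distinct_keys."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"] != "-":
            continue  # unparseable line, or an authenticated request
        url = urlsplit(m["target"])
        # endswith() tolerates any context path such as /jira
        if not url.path.endswith(VALIDATE_PATH):
            continue
        for key in parse_qs(url.query).get("key", []):
            probes[m["client"]].add(key.upper())  # count ab and AB once
    return {c: sorted(k) for c, k in probes.items() if len(k) >= min_distinct_keys}


if __name__ == "__main__":
    for client, keys in find_key_enumeration(SAMPLE_LOG).items():
        print(f"{client} probed {len(keys)} project keys anonymously: {', '.join(keys)}")
```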

Post Auth

CVEs