Unauthenticated Access to Screens - carnal0wnage/J-PWN GitHub Wiki

Unauthenticated Access to Screens

Category: [Info Disclosure]

Module name: check_unauthenticated_screens

URL: /rest/api/2/screens

INFO: Checking for Unauthenticated Access to Screens
[Testing URL]: http://JIRASERVER/rest/api/2/screens
- No Unauthenticated Access to Screens Found
- HTTP Code: 405

INFO: Checking for Unauthenticated Access to Screens
[Testing URL]: http://JIRASERVER/rest/api/2/screens
- No Unauthenticated Access to Screens Found
- HTTP Code: 401

INFO: Checking for Unauthenticated Access to Screens
[Testing URL]: https://JIRASERVER/rest/api/2/screens
[+] [Info Disclosure] Unauthenticated Access to Screens: https://JIRASERVER/rest/api/2/screens

  Screens Details:
    - ID: 10700
      Name: Approval Name
      Description: Tells you who approved your issue

    - ID: 11100
      Name: CS: Jira Service Desk Screen
      Description: This Jira Service Desk Screen was generated automatically

    - ID: 1
      Name: Default Screen
      Description: Allows to update all system fields.

    - ID: 11200
      Name: HOT: Jira Service Desk Screen
      Description: This Jira Service Desk Screen was generated automatically

    - ID: 11210
      Name: HOT: Jira Service Desk Screen (1)
      Description: This Jira Service Desk Screen was generated automatically

    - ID: 11211
      Name: HOT: Jira Service Desk: Change Create Issue Screen
      Description: 

    - ID: 11212
      Name: HOT: Jira Service Desk: Change View/Edit Screen
      Description: 

    - ID: 11213
      Name: HOT: Jira Service Desk: Incident Create Issue Screen
      Description: 

    - ID: 11214
      Name: HOT: Jira Service Desk: Incident View/Edit Screen
      Description: 

    - ID: 11235
      Name: Jira Service Desk Pending Reason screen - 11
      Description: Screen to specify the pending reason when transitioning to the Pending status

References: