Unauthenticated Issues (With Content) - carnal0wnage/J-PWN GitHub Wiki

Unauthenticated Issues (With Content)

Category: [INFO DISCLOSURE]

module name: check_unauthenticated_issues

url: /rest/api/2/search?jql=ORDER%20BY%20Created&maxResults=2

[CG] every Jira will let you hit this endpoint but most don't have any info, so this check makes sure the total results are greater than 0 before calling it a success

INFO: Checking for Unauthenticated Issues with Content
+ [Info Disclosure] - Unauthenticated Issues Detected
  URL: https://JIRA/rest/api/2/search?jql=ORDER%20BY%20Created&maxResults=2
  Total Issues: 140

Issue ID      : 13178
Issue Key     : IT-141
Summary       : REMOVED
Description   : Customer Portal:
https://JIRA/servicedesk/customer/portals
Status        : DSI
Priority      : Średni
Reporter      : Robert 
Created Date  : 2019-01-16T11:16:12.000+0100
--------------------------------------------------
Issue ID      : 10611
Issue Key     : IT-140
Summary       : Information [REMOVED]
Description   : Ladies and Gentlemen
Status        : Backlog
Priority      : Średni
Reporter      : Robert 
Created Date  : 2017-08-31T11:42:14.000+0200
--------------------------------------------------

[CG] is this works you may want to run

check_cve_2020_14185

and

check_download_public_attachment to see if you can do more with the attachments