Lucene search

K
hackeroneNjmulsqbH1:1278977
HistoryJul 27, 2021 - 12:14 p.m.

U.S. Dept Of Defense: Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint on ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆ

2021-07-2712:14:31
njmulsqb
hackerone.com
28

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

68.5%

Description:

Hi,
While going through the testing of DoD assets, I have came across a subdomain that is vulnerable to CVE-2020-14179. Some of the internal fields that are exposed are Project, Status, Limits, Creator, Query, Created Date, Updated Date, Resolution Date, etc.

References

https://jira.atlassian.com/browse/JRASERVER-71536
https://www.cvedetails.com/cve/CVE-2020-14179

Impact

It allows unauthenticated attackers like me to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint.

System Host(s)

ā–ˆā–ˆā–ˆ

Affected Product(s) and Version(s)

CVE Numbers

CVE-2020-14179

Steps to Reproduce

  1. Open browser
    2. Hit endpoint /jira/secure/QueryComponent!Default.jspa in the target
    3. Observe the results.

Suggested Mitigation/Remediation Actions

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

68.5%