Starbucks: Information disclosure on

ID H1:632808
Type hackerone
Reporter johnstone
Modified 2019-11-13T00:41:11


Description: Hi there. I found that the host has deployed a Jira server whose version is 7.9.2; there are many public vulnerabilities in this low version.

Information disclosure vulnerabilities

1. (CVE-2019-3403) Visit the URL address, and you can check whether a user exists on this host, so the attacker can enumerate all existing users on this Jira server.

2. (CVE-2019-8442) Visit the URL address, and the server will leak some of the server's information.

Recommendations for fix

Update the Jira server's version or fix it.

PS: Can Starbucks's team check the status of my other report #533836? The report has not been updated for too long. Thank you. Looking forward to your reply. Best regards! @johnstone


Leaking some information about the server