Starbucks: Information disclosure on sim.starbucks.com

2019-06-3012:11:42

johnstone

hackerone.com

125

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.971 High

EPSS

Percentile

99.6%

JSON

Description:
Hi,there.I found the sim.starbucks.com host deployed the jira server which version is 7.9.2,there is many public vulnerability on this low version.

Information disclosured vulnerability
1.(CVE-2019-3403)https://jira.atlassian.com/browse/JRASERVER-69242
visit the URL address,you can check the user whether is exist on this host

https://sim.starbucks.com/rest/api/2/user/picker?query=admin

So the attacker can enumerate all existing users on this jira server.

2.(CVE-2019-8442)https://jira.atlassian.com/browse/JRASERVER-69241
visit the URL address,the server will leaking some server’s information

https://sim.starbucks.com/s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml

Recommendations for fix

updated the jira server’s version or fixed

PS:Can starbucks’s team check my other report #533836 status?the report is not updated for too long.
Thank you.looking forward for your reply.
Best regards!
@johnstone