Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.JIRA_2021_07_21.NASL
HistoryJul 29, 2021 - 12:00 a.m.

Atlassian Jira Data Center / Jira Service Management Data Center Missing Authentication (2021-07-21)

2021-07-2900:00:00
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
JSON

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is affected by a missing authentication flaw in its Ehcache RMI component. An unauthenticated, remote attacker could exploit this to bypass authentication and execute arbitrary code on an affected system.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(152137);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2020-36239");
  script_xref(name:"IAVA", value:"2021-A-0354");

  script_name(english:"Atlassian Jira Data Center / Jira Service Management Data Center Missing Authentication (2021-07-21)");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts a web application that is affected by a missing authentication vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is
affected by a missing authentication flaw in its Ehcache RMI component. An unauthenticated, remote attacker could 
exploit this to bypass authentication and execute arbitrary code on an affected system.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   
number.");
  # https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7c7a7aa0");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Atlassian Jira Data Center / Jira Service Management 
  Data Center to version 4.5.16, 4.13.8, 4.17.0, 8.5.16, 8.13.8, 8.17.0 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-36239");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/05/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/29");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:jira");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("jira_detect.nasl", "atlassian_jira_win_installed.nbin", "atlassian_jira_nix_installed.nbin");
  script_require_keys("installed_sw/Atlassian JIRA");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::combined_get_app_info(app:'Atlassian JIRA');
var edition = app_info['Edition'];

if (edition == 'Unknown' || edition != 'Jira Data Center')
  audit(AUDIT_HOST_NOT, 'an affected Jira edition');

var constraints = [
  {'min_version':'2.0.2', 'fixed_version':'4.5.16'},
  {'min_version':'4.6.0', 'fixed_version':'4.13.8'},
  {'min_version':'4.14.0', 'fixed_version':'4.17.0'},
  {'min_version':'6.3.0', 'fixed_version':'8.5.16'},
  {'min_version':'8.6.0', 'fixed_version':'8.13.8'},
  {'min_version':'8.14.0', 'fixed_version':'8.17.0'}
];

vcf::check_version_and_report(
  app_info:app_info, 
  constraints:constraints, 
  severity:SECURITY_HOLE
);
VendorProductVersionCPE
atlassianjiracpe:/a:atlassian:jira

Related

threatpost 2
attackerkb 1
atlassian 4
prion 1
seebug 1
cve 1
kitploit 1
threatpost
threatpost
Critical Jira Flaw in Atlassian Could Lead to RCE
2021-07-22 20:52:45
Jenkins Hit as Atlassian Confluence Cyberattacks Widen
2021-09-07 16:07:58
attackerkb
attackerkb
CVE-2020-36239
2021-07-21 00:00:00
atlassian
atlassian
Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239
2021-07-09 05:44:39
Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239
2021-06-30 03:09:16
Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239
2021-07-09 05:44:39
prion
prion
Deserialization of untrusted data
2021-07-29 11:15:00
seebug
seebug
Ehcache RMI 远程代码执行漏洞( CVE-2020-36239)
2021-07-23 00:00:00
cve
cve
CVE-2020-36239
2021-07-29 11:15:00
kitploit
kitploit
Heyserial - Programmatically Create Hunting Rules For Deserialization Exploitation With Multiple Keywords, Gadget Chains, Object Types, Encodings, And Rule Types
2022-05-12 21:30:00
JSON
Related for JIRA_2021_07_21.NASL
threatpost2attackerkb1atlassian4prion1seebug1cve1kitploit1