nessus
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
WEB_APPLICATION_SCANNING_98726
History: Oct 09, 2019 - 12:00 a.m.

Atlassian Jira < 8.4.0 Multiple Vulnerabilities

www.tenable.com

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.4.0. It is, therefore, affected by multiple vulnerabilities:

  • A cross-site scripting (XSS) vulnerability exists in the WikiRenderer parser. A remote attacker can exploit this by creating a specially crafted request that executes arbitrary script code in a user’s browser session. (CVE-2019-8444)

  • An information disclosure vulnerability exists in the /rest/api/2/worklog/list REST resource. An authenticated, remote attacker can exploit this to view worklog details for issues they do not have permission to view. (CVE-2019-8445)

  • An information disclosure vulnerability exists in the /rest/issueNav/1/issueTable REST resource. A remote, anonymous attacker can exploit this to differentiate between valid and invalid usernames. (CVE-2019-8446)

  • An information disclosure vulnerability exists in the /rest/api/latest/groupuserpicker resource. Due to an incorrect authorization check, an unauthenticated, remote attacker can exploit this to enumerate usernames. (CVE-2019-8449)

  • A server-side request forgery (SSRF) vulnerability exists in the /plugins/servlet/gadgets/makeRequest resource due to a logic bug in the JiraWhitelist class. A remote attacker can exploit this to access the content of internal network resources. (CVE-2019-8451)

  • An authentication bypass vulnerability exists in the /rest/api/1.0/render REST resource. Due to a missing permissions check, an unauthenticated, remote attacker can exploit this to determine if an attachment with a specific name exists and if an issue key is valid. (CVE-2019-14995)

  • An information disclosure vulnerability exists in the AccessLogFilter class due to a caching vulnerability. A remote, anonymous attacker can exploit this to access details about other users, including their username, when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN. (CVE-2019-14997)

  • A cross-site request forgery (XSRF/CSRF) vulnerability exists in the Webwork action CSRF protection. A remote attacker can bypass this protection by ‘cookie tossing’ a CSRF cookie from a subdomain of a Jira instance. (CVE-2019-14998)

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

Vendor      Product   Version   CPE
atlassian   jira      *         cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
