10 matches found
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
POC - Atlassian Confluence OGNL Injection Remote Code Executio...
CVE-2020-14181
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0...
Information disclosure
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0...
CVE-2020-14174
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before...
Atlassian Jira wikirenderer component cross-site scripting vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all kinds of issues and defects in the workplace. wikirenderer is one of the components that can convert wiki content to HTML, Docbook and other formats. A cross-site scripting...
CVE-2019-11589
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, and in some cases to obtain a user's cross-site request forgery (CSRF) token, via an open redirect...
Cross-site request forgery (CSRF)
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via cross-site request forgery (CSRF)...
CVE-2019-11585
The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect...
CVE-2019-11587
CVE-2019-11587 affects Atlassian Jira: exposed resources of the ViewLogging class allow CSRF, enabling remote modification of various settings. Impacted versions include Jira before 7.13.6, and 8.x before 8.2.3; specifically 8.3.0 before 8.3.2. The issue is triggered via CSRF without requiring au...