6 matches found
Jira Users Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jira Users Enumeration', 'Description' = %q This module exploits an information disclosure vulnerability that allows an unauthenticated user to...
U.S. Dept Of Defense: Sensitive data exposure via https://████████.mil/secure/QueryComponent!Default.jspa - CVE-2020-14179
Summary: Information Disclosure vulnerability in outdated Jira. Description: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the...
CVE-2019-8449
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability...
CVE-2019-8443
The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to...
Atlassian JIRA CVE-2019-3403 Information Disclosure Vulnerability
Description Atlassian JIRA is prone to an information-disclosure vulnerability. Successful exploits of this issue lead to the disclosure of sensitive information which may aid in launching further attacks. Jira versions prior to 7.13.3, 8.0.0 through and prior to 8.0.4 and 8.1.0 through and prior...
CVE-2017-18097
The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the title of a Trello card...