nuclei-templates/http/cves/2019/CVE-2019-3401.yaml

id: CVE-2019-3401

info:
  name: Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
  author: TechbrunchFR,milo2012
  severity: medium
  description: Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.
  reference:
    - https://jira.atlassian.com/browse/JRASERVER-69244
    - https://nvd.nist.gov/vuln/detail/CVE-2019-3401
  remediation: Ensure this permission is restricted to specific groups that require it via Administration > System > Global Permissions. Turning the feature off will not affect existing filters and dashboards. If you change this setting, you will still need to update the existing filters and dashboards if they have already been shared publicly. Since Jira 7.2.10, a dark feature to disable site-wide anonymous access was introduced.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2019-3401
    cwe-id: CWE-863
    epss-score: 0.0055
  metadata:
    max-request: 1
    shodan-query: http.component:"Atlassian Jira"
  tags: cve,cve2019,jira,atlassian,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/secure/ManageFilters.jspa?filter=popular&filterView=popular"
    matchers:
      - type: word
        words:
          - '<span data-filter-field="owner-full-name">'
          - '<title>Manage Filters - Jira</title>'
        condition: and

# Remediation:
# Ensure that this permission is restricted to specific groups that require it.
# You can restrict it in Administration > System > Global Permissions.
# Turning the feature off will not affect existing filters and dashboards.
# If you change this setting, you will still need to update the existing filters and dashboards if they have already been
# shared publicly.
# Since Jira 7.2.10, a dark feature to disable site-wide anonymous access was introduced.
Update and rename vulnerabilities/jira/jira-unauthenticated-popular-filters.yaml to cves/2019/CVE-2019-3401.yaml 2021-06-24 11:22:04 +00:00			`id: CVE-2019-3401`
Create jira-unauthenticated-popular-filters.yaml If public sharing is ON it allows users to share dashboards and filters with all users including those that are not logged in. Those dashboard and filters could reveal potentially sensitive information. 2020-07-06 15:56:34 +00:00
			`info:`
Enhancement: cves/2019/CVE-2019-3401.yaml by md 2023-02-01 16:00:45 +00:00			`name: Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization`
Update and rename vulnerabilities/jira/jira-unauthenticated-popular-filters.yaml to cves/2019/CVE-2019-3401.yaml 2021-06-24 11:22:04 +00:00			`author: TechbrunchFR,milo2012`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`severity: medium`
Enhancement: cves/2019/CVE-2019-3401.yaml by md 2023-02-01 16:00:45 +00:00			`description: Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://jira.atlassian.com/browse/JRASERVER-69244`
Enhancement: cves/2019/CVE-2019-3401.yaml by md 2023-02-01 16:00:45 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2019-3401`
			`remediation: Ensure this permission is restricted to specific groups that require it via Administration > System > Global Permissions. Turning the feature off will not affect existing filters and dashboards. If you change this setting, you will still need to update the existing filters and dashboards if they have already been shared publicly. Since Jira 7.2.10, a dark feature to disable site-wide anonymous access was introduced.`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 5.3`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`cve-id: CVE-2019-3401`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`cwe-id: CWE-863`
Added CPE and EPSS Score to CVE Templates 2023-04-12 10:55:48 +00:00			`epss-score: 0.0055`
Update CVE-2019-3401.yaml 2022-07-04 13:18:41 +00:00			`metadata:`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`max-request: 1`
Update CVE-2019-3401.yaml 2022-07-04 13:18:41 +00:00			`shodan-query: http.component:"Atlassian Jira"`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`tags: cve,cve2019,jira,atlassian,exposure`
Update jira-unauthenticated-popular-filters.yaml 2020-07-06 15:58:12 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create jira-unauthenticated-popular-filters.yaml If public sharing is ON it allows users to share dashboards and filters with all users including those that are not logged in. Those dashboard and filters could reveal potentially sensitive information. 2020-07-06 15:56:34 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/secure/ManageFilters.jspa?filter=popular&filterView=popular"`
			`matchers:`
			`- type: word`
			`words:`
Update and rename vulnerabilities/jira/jira-unauthenticated-popular-filters.yaml to cves/2019/CVE-2019-3401.yaml 2021-06-24 11:22:04 +00:00			`- '<span data-filter-field="owner-full-name">'`
			`- '<title>Manage Filters - Jira</title>'`
			`condition: and`
Create jira-unauthenticated-popular-filters.yaml If public sharing is ON it allows users to share dashboards and filters with all users including those that are not logged in. Those dashboard and filters could reveal potentially sensitive information. 2020-07-06 15:56:34 +00:00
Severity and other cleanups 2023-02-02 23:05:19 +00:00			`# Remediation:`
			`# Ensure that this permission is restricted to specific groups that require it.`
			`# You can restrict it in Administration > System > Global Permissions.`
			`# Turning the feature off will not affect existing filters and dashboards.`
			`# If you change this setting, you will still need to update the existing filters and dashboards if they have already been`
			`# shared publicly.`
			`# Since Jira 7.2.10, a dark feature to disable site-wide anonymous access was introduced.`