daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create jira-unauthenticated-dashboards.yaml 

If public sharing is ON it allows users to share dashboards and filters with all users including those that are not logged in. Those dashboard and filters could reveal potentially sensitive information.
patch-1
Techbrunch 2020-07-06 18:02:11 +02:00 committed by GitHub
parent 4337755cbe
commit 981979d905
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
security-misconfiguration/jira-unauthenticated-dashboards.yaml Normal file
View File

@ -0,0 +1,29 @@
id: jira-unauthenticated-dashboards
# If public sharing is ON it allows users to share dashboards and filters with all users including
# those that are not logged in. Those dashboard and filters could reveal potentially sensitive information.
info:
name: Jira Unauthenticated Dashboards
author: TechbrunchFR
severity: Info
requests:
- method: GET
path:
- "{{BaseURL}}/rest/api/2/dashboard?maxResults=100"
matchers:
- type: word
words:
- 'dashboards'
- 'startAt'
- 'maxResults'
condition: and
# Remediation:
# Ensure that this permission is restricted to specific groups that require it.
# You can restrict it in Administration > System > Global Permissions.
# Turning the feature off will not affect existing filters and dashboards.
# If you change this setting, you will still need to update the existing filters and dashboards if they have already been
# shared publicly.
# Since Jira 7.2.10, a dark feature to disable site-wide anonymous access was introduced.