From 98c925a413e5fe5f5784b284810474274eb727d1 Mon Sep 17 00:00:00 2001
From: Philippe Delteil
Date: Thu, 8 Jul 2021 16:55:20 -0400
Subject: [PATCH] Create jira-unauthenticated-installed-gadgets.yaml
---
...ira-unauthenticated-installed-gadgets.yaml | 23 +++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 vulnerabilities/jira/jira-unauthenticated-installed-gadgets.yaml
diff --git a/vulnerabilities/jira/jira-unauthenticated-installed-gadgets.yaml b/vulnerabilities/jira/jira-unauthenticated-installed-gadgets.yaml
new file mode 100644
index 0000000000..2004a6ca1d
--- /dev/null
+++ b/vulnerabilities/jira/jira-unauthenticated-installed-gadgets.yaml
@@ -0,0 +1,23 @@
+id: jira-unauthenticated-installed-gadgets
+
+info:
+ name: Jira Unauthenticated Installed gadgets
+ author: philippedelteil
+ severity: info
+ description: Some Jira instances allow to read the installed gadgets (sometimes it's also possible to read config xml file for some gadgets)
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/rest/config/1.0/directory"
+ redirects: true
+ max-redirects: 2
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - 'jaxbDirectoryContents'
+ condition: or
+ - type: status
+ status:
+ - 200
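Review bot: The word matcher under `matchers:` keys on the single token `'jaxbDirectoryContents'` with no `part` set, and its `condition: or` has no effect with only one word; I would write `part: body` explicitly and drop the `condition` line. Because `redirects: true` follows up to two redirects, the matched 200 can come from a different URL than `/rest/config/1.0/directory`. A second `word` matcher with `part: header` on the expected content type would tie the finding to the directory response itself; that value is not shown on the page, so take it from a real response. The `info` block also has no `tags` or `reference`; adding `tags: jira,atlassian` and a `reference:` entry pointing at the vendor's guidance on anonymous access would let a triager confirm the exposure and find the fix. Nesting is inferred here, since the page has flattened the YAML indentation.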