Came across a condition where this template wasn't matching because the application was sending "application/vnd.spring-boot.actuator.v2+json;charset=UTF-8" instead of "application/json" in content-type header of response.
If public sharing is ON it allows users to share projects with all users including those that are not logged in. Those projects could reveal potentially sensitive information.
If public sharing is ON it allows users to share dashboards and filters with all users including those that are not logged in. Those dashboard and filters could reveal potentially sensitive information.
If public sharing is ON it allows users to share dashboards and filters with all users including those that are not logged in. Those dashboard and filters could reveal potentially sensitive information.
Through the user picker functionality within Jira your user base information could be available to anonymous users. The Browse User Global Permission allows a user to view a list of all Jira user names and group names, share issues, and @mention people on issues. This is used for selecting users/groups in popup screens and also enables auto-completion of usernames in most 'User Picker' menus and popups.
If you grant this permission to the Anyone group, you will be allowing anonymous users access to the endpoints that provide a list of users.
Remediation: Ensure that this permission is restricted to specific groups that require it. You can restrict it in Administration > System > Global Permissions.
Provides a way to detect the wordpress xmlrpc endpoint that can help and leads to possible ssrf sometimes.
I am not sure if it is worth to add. But I have got a few good findings using this.
Let me know if I'm doing it right, You guys are doing great work, Love this project. Kudos..!
Trying to contribute a little.
Romain
bauthard
eschultze
nahoragg
dw1
Ice3man543
Aditya Gujar
Techbrunch
bauthard
Udit Bhadauria
Víctor Zamanillo
Fabian Affolter
Andrea
João Teles
Nadino92
Prince Chaddha
mpgn
JPMartinezz