Commit Graph

797 Commits (8315f5f780f7bccbbb2ee8a62020c3d858313a17)

Author SHA1 Message Date
Aditya Soni 9c8104f937
Create CVE-2020-10204.yaml 2020-07-07 01:54:18 +05:30
bauthard 2499aaa0a6
Update CVE-2018-1247.yaml 2020-07-07 00:37:01 +05:30
bauthard 24eafa3648
updated matcher 2020-07-07 00:34:27 +05:30
bauthard ebb2f1f3ac
Merge pull request #210 from harsh-bothra/patch-5
Create CVE-2018-11759.yaml
2020-07-06 22:44:05 +05:30
bauthard ba2fe4bf75 Update CVE-2018-11759.yaml 2020-07-06 22:43:45 +05:30
bauthard 1714fa6674
Merge pull request #209 from harsh-bothra/patch-4
Create CVE-2020-5405.yaml
2020-07-06 22:41:09 +05:30
bauthard 8362fb3dc2 Update CVE-2020-5405.yaml 2020-07-06 22:40:05 +05:30
bauthard bd7a526f32
Merge pull request #208 from Techbrunch/patch-5
Create jira-unauthenticated-projects.yaml
2020-07-06 22:31:11 +05:30
bauthard e2373db418 Update jira-unauthenticated-projects.yaml 2020-07-06 22:30:26 +05:30
bauthard 01ddd1deae
Merge pull request #207 from Techbrunch/patch-4
Create jira-unauthenticated-dashboards.yaml
2020-07-06 22:26:16 +05:30
bauthard 503f300230
Merge pull request #206 from Techbrunch/patch-3
Create jira-unauthenticated-popular-filters.yaml
2020-07-06 22:25:48 +05:30
bauthard 63289fb700
Merge pull request #205 from dwisiswant0/update-cve-2020-5902
Update RAW payloads due to can't use helper function - CVE-2020-5902
2020-07-06 22:19:31 +05:30
bauthard 6f7aa0570e
Merge pull request #204 from Techbrunch/patch-2
Create CVE-2019-8451.yaml
2020-07-06 22:16:27 +05:30
Harsh Bothra 8b4cf6bd46
Create CVE-2018-11759.yaml
Apache Tomcat JK Status Manager Access
2020-07-06 21:58:42 +05:30
bauthard c278396f2e
Merge pull request #203 from melbadry9/patch-2
Update open-redirect.yaml
2020-07-06 21:52:55 +05:30
Harsh Bothra ebcf1ec0f6
Create CVE-2020-5405.yaml
Spring Cloud Directory Traversal
2020-07-06 21:52:18 +05:30
Techbrunch 1b0683e4a3
Create jira-unauthenticated-projects.yaml
If public sharing is ON it allows users to share projects with all users including those that are not logged in. Those projects could reveal potentially sensitive information.
2020-07-06 18:03:33 +02:00
Techbrunch 981979d905
Create jira-unauthenticated-dashboards.yaml
If public sharing is ON it allows users to share dashboards and filters with all users including those that are not logged in. Those dashboard and filters could reveal potentially sensitive information.
2020-07-06 18:02:11 +02:00
Techbrunch a525139cbe
Update jira-unauthenticated-popular-filters.yaml 2020-07-06 17:58:12 +02:00
Techbrunch 40238f677f
Create jira-unauthenticated-popular-filters.yaml
If public sharing is ON it allows users to share dashboards and filters with all users including those that are not logged in. Those dashboard and filters could reveal potentially sensitive information.
2020-07-06 17:56:34 +02:00
Techbrunch 59661b1eb6
Update CVE-2019-8451.yaml
Fix trailing whitespace
2020-07-06 16:56:27 +02:00
Techbrunch 3a44d74762
Create CVE-2019-8451.yaml
# On September 9, Atlassian released version 8.4.0 for Jira Core and Jira Software, which included a fix for an important
# security issue reported in August 2019.

# CVE-2019-8451 is a pre-authentication server-side request forgery (SSRF) vulnerability found in 
# the /plugins/servlet/gadgets/makeRequest resource. The vulnerability exists due to “a logic bug” in the JiraWhitelist class.
# An unauthenticated attacker could exploit this vulnerability by sending a specially crafted web request to a vulnerable 
# Jira server. Successful exploitation would result in unauthorized access to view and potentially modify internal 
# network resources.
# https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
# https://twitter.com/benmontour/status/1177250393220239360
# https://twitter.com/ojensen5115/status/1176569607357730817
2020-07-06 16:52:34 +02:00
dw1 d19f00bf82 Update RAW payloads due to can't use helper function 2020-07-06 21:45:44 +07:00
Mohamed Elbadry 3381eed789
Update open-redirect.yaml 2020-07-06 16:21:43 +02:00
bauthard 4337755cbe
Merge pull request #202 from melbadry9/patch-1
Update crlf-injection.yaml
2020-07-06 19:48:11 +05:30
Mohamed Elbadry d2f024dc32
Update crlf-injection.yaml 2020-07-06 16:16:27 +02:00
Mohamed Elbadry e255561721
Update crlf-injection.yaml 2020-07-06 16:11:29 +02:00
bauthard 8ef6e99ab3
Merge pull request #200 from dwisiswant0/update-cve-2020-5902
Update CVE-2020-5902 matchers & requests
2020-07-06 19:15:28 +05:30
dw1 2479e51afb 📝 Fix indentation on RAW requests 2020-07-06 18:28:20 +07:00
dw1 f4da7bec43 🔨 Update CVE-2020-5902 matchers & requests to reduce false-positive results 2020-07-06 18:14:01 +07:00
bauthard 0036549365
Merge pull request #199 from Techbrunch/patch-1
Create jira-unauthenticated-user-picker.yaml
2020-07-06 15:59:07 +05:30
Techbrunch d2eb42f149
Update jira-unauthenticated-user-picker.yaml
Fix spaces
2020-07-06 12:28:08 +02:00
Techbrunch 0fc1212d8f
Create jira-unauthenticated-user-picker.yaml
Through the user picker functionality within Jira your user base information could be available to anonymous users. The Browse User Global Permission allows a user to view a list of all Jira user names and group names, share issues, and @mention people on issues. This is used for selecting users/groups in popup screens and also enables auto-completion of usernames in most 'User Picker' menus and popups.

If you grant this permission to the Anyone group, you will be allowing anonymous users access to the endpoints that provide a list of users.

Remediation: Ensure that this permission is restricted to specific groups that require it. You can restrict it in Administration > System > Global Permissions.
2020-07-06 12:23:09 +02:00
bauthard 6d498a6054 syntax update 2020-07-06 13:57:46 +05:30
bauthard 295f836a39
updated condition 2020-07-06 13:54:03 +05:30
bauthard 69e4f714e3
Merge pull request #196 from dwisiswant0/custom-workflows
Updating current workflows & Add BIG-IP Pwner Workflow
2020-07-06 10:59:10 +05:30
dw1 257dca57fe 🔨 Update Springboot Actuators detection 2020-07-06 11:26:40 +07:00
dw1 abac4ea061 📝 Update current examples of workflows 2020-07-06 10:06:05 +07:00
dw1 72fcb6ac03 🔥 Add BIG-IP Pwner Workflow 2020-07-06 08:46:04 +07:00
dw1 c3a0b6c5a6 🔨 Update BIG-IP Configuration Utility detection matchers 2020-07-06 08:45:33 +07:00
dw1 550a559108 ✏️ Replace '-' to '_' on variable workflows 2020-07-06 08:39:23 +07:00
dw1 25d5c5afb0 🔥 BIG-IP Configuration Utility detection 2020-07-06 08:36:25 +07:00
dw1 3d150d7825 Remove BIG-IP Config Utility Detect 2020-07-06 08:33:50 +07:00
bauthard aece3c81f1
Merge pull request #195 from Mad-robot/master
Update CVE-2020-5902.yaml
2020-07-05 22:28:56 +05:30
SaN ThosH dfe6244c7e
Update CVE-2020-5902.yaml 2020-07-05 21:51:24 +05:30
bauthard 22c21c3b4a
Merge pull request #194 from Mad-robot/master
Update CVE-2020-5902.yaml
2020-07-05 21:50:21 +05:30
SaN ThosH 0fe4c5ee3d
Update CVE-2020-5902.yaml 2020-07-05 21:47:48 +05:30
bauthard a06dbcecf2
Merge pull request #193 from Mad-robot/master
Update CVE-2020-5902.yaml
2020-07-05 21:46:47 +05:30
SaN ThosH 4f63a86229
Update CVE-2020-5902.yaml 2020-07-05 21:45:24 +05:30
bauthard 142b96e8bc
Merge pull request #192 from Mad-robot/master
Create CVE-2018-3714.yaml
2020-07-05 21:28:53 +05:30