CVE-2020-14179 PoC — Atlassian Jira Information Disclosure Vulnerability

Source
Associated Vulnerability
Title: Atlassian Jira Information Disclosure Vulnerability (CVE-2020-14179)
Description: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
Description
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179
Readme
# CVE-2020-14179

Sensitive data exposure via `/secure/QueryComponent!Default.jspa` endpoint

- Priority: High
- Affects Version/s: 8.6.0 | 8.8.0 | 8.5.5 | 8.9.0 | 8.10.0 | 8.11.0

Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the `/secure/QueryComponent!Default.jspa` endpoint. 

As far as my knowledge goes, 9.11.0, 9.7.1... are also affected 😂

## Overview of [CVE-2020-14179_Finder.sh](https://github.com/mrnazu/CVE-2020-14179/blob/main/CVE-2020-14179_Finder.sh)
CVE-2020-14179 Finder is a simple bash script designed to check whether a target is vulnerable to `CVE-2020-14179`.

The script uses a specific HTTP request via `curl` to the `/secure/QueryComponent!Default.jspa` endpoint and analyzes the response to determine vulnerability.

## Features
- Sends a request to the specified endpoint `/secure/QueryComponent!Default.jspa`.
- Analyzes the response to determine vulnerability.
- Outputs color-coded results for easy identification.
- Stores request and response details in the "results" folder.

![image](https://github.com/mrnazu/CVE-2020-14179/assets/108541991/a7ef4116-a2cd-47ff-bc05-783e92bfa62c)
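Seen from the defending side, the request this script sends leaves a recognisable line in the web server's access log. The following is an added example, not part of the original repository: it tallies requests to the endpoint per client address. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the CVE-2020-14179 repository).
# Assumes a reverse proxy in front of Jira writing combined-format access logs.

# Print "client_ip total_hits hits_with_200" for every client that requested
# /secure/QueryComponent!Default.jspa. Reads the files given as arguments,
# or stdin when none are given.
find_querycomponent_hits() {
  awk '
    {
      # The request line is the first double-quoted field of a combined log.
      n = split($0, q, "\"")
      if (n < 3) next
      split(q[2], req, " ")        # method, path, protocol
      path = tolower(req[2])       # case-folded so variants are still counted
      gsub(/%21/, "!", path)       # "!" may be logged percent-encoded
      sub(/[?;].*$/, "", path)     # drop query string and ;jsessionid suffix
      # No leading anchor: Jira may be served under a context path.
      if (path !~ /\/secure\/querycomponent!default\.jspa$/) next
      split(q[3], rest, " ")       # status, bytes
      hits[$1]++
      if (rest[1] == "200") ok[$1]++
    }
    END {
      for (ip in hits) printf "%s %d %d\n", ip, hits[ip], ok[ip] + 0
    }
  ' "$@" | sort
}

# Constructed sample log lines (documentation address ranges, not real traffic).
sample_log() {
  cat <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /secure/QueryComponent!Default.jspa HTTP/1.1" 200 5120 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /jira/secure/QueryComponent%21Default.jspa?x=1 HTTP/1.1" 404 312 "-" "curl/8.0"
198.51.100.20 - - [10/Oct/2023:14:01:02 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:14:02:10 +0000] "GET /secure/querycomponent!default.jspa HTTP/1.1" 403 210 "-" "Mozilla/5.0"
EOF
}

# Stand-alone run on the constructed sample.
sample_log | find_querycomponent_hits
```

A non-zero third column means the endpoint answered with HTTP 200 to that client, which is the case worth checking against the installed Jira version.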

## Installation
1. Clone the repository:
   - `git clone https://github.com/mrnazu/CVE-2020-14179.git`
2. Navigate to the script directory:
   - `cd CVE-2020-14179`
3. Run the script:
   - For a list of targets from a file: `./CVE-2020-14179_Finder.sh -l target.txt`
   - For a single target URL: `./CVE-2020-14179_Finder.sh -u http://target.com/`

## Contributions
This script is provided for educational and research purposes only. Use it responsibly and only on systems you have permission to test.