漏洞描述
Atlassian Jira由于访问限制不当,托管在远程Web服务器上的AtlassianJira实例受到QueryComponentRendererValue!Default.jspa中的信息泄露漏洞的影响。未经身份验证的远程攻击者可以利用这一点,通过发送特制的HTTP请求,泄露可能有助于进一步攻击的敏感信息。
Jira 信息泄露 (CVE-2020-36289)
PoC代码
暂无相关漏洞推荐
- CVE-2019-8449: Jira Information Disclosure
- POC CVE-2007-0885: Jira Rainbow.Zen - Cross-Site Scripting
- POC CVE-2017-9506: Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
- POC CVE-2018-20824: Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting
- POC CVE-2018-5230: Atlassian Jira Confluence - Cross-Site Scripting
- POC CVE-2019-11581: Atlassian Jira Server-Side Template Injection
- POC CVE-2019-3401: Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
- POC CVE-2019-3402: Jira < 8.1.1 - Cross-Site Scripting
- POC CVE-2019-3403: Jira - Incorrect Authorization
- POC CVE-2019-8442: Jira - Local File Inclusion
- POC CVE-2019-8446: Jira Improper Authorization
- POC CVE-2019-8449: Jira <8.4.0 - Information Disclosure
- POC CVE-2019-8451: Jira <8.4.0 - Server-Side Request Forgery