Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a request to a plugins/servlet/groupexportforjira/admin/ URI.

An attacker with control over a victim’s Jira instance could use this flaw to export all groups from the Jira instance to a remote server. An attacker could then use the exported data to obtain access to internal systems or to launch attacks against other systems.

CVE-2018-13286: A low privileged user could upload or change a jsp file via the “Add new custom view” or “Edit view” functionality in the administration interface.

An attacker with control over a victim’s Jira instance could upload a file via the “Add new custom view” or “Edit view” functionality in the administration interface. The upload functionality does not perform any authorization checks, allowing an attacker to upload a jsp file that could be used to perform various attacks against the Jira instance. For example, the attacker could upload a jsp file to inject malicious

Operation Scenarios

An attacker with control over a victim’s Jira instance could use this flaw to export all groups from the Jira instance to a remote server. An attacker could then use the exported data to obtain access to internal systems or to launch attacks against other systems.
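
The missing authorization check on the plugins/servlet/groupexportforjira/admin/ URI described above leaves a recognizable trace in web access logs: a successful response to that path with no authenticated user. The following Python is an added example, not code from the add-on or from Atlassian; it assumes Common Log Format with the authenticated user name in the third field (`-` when anonymous), and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# URI named in the advisory text; matched anywhere in the path so that a
# context path such as /jira in front of it is tolerated.
EXPORT_PATH = "/plugins/servlet/groupexportforjira/admin"

# Assumed layout: Common Log Format (host ident user [time] "request" status size).
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def normalize(target):
    """Drop query/fragment, decode percent-escapes, collapse slashes, lower-case."""
    path = unquote(re.split(r"[?#]", target, maxsplit=1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def find_anonymous_exports(lines):
    """Return one dict per request the export servlet served without a user."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not follow the assumed format
        if EXPORT_PATH not in normalize(m["target"]):
            continue
        anonymous = m["user"] == "-"
        served = m["status"].startswith("2")  # redirects and errors are not exports
        if anonymous and served:
            hits.append({"host": m["host"], "time": m["time"],
                         "target": m["target"], "status": int(m["status"])})
    return hits

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Sep/2022:18:20:01 +0000] "GET /plugins/servlet/groupexportforjira/admin/ HTTP/1.1" 200 48211',
    '198.51.100.7 - - [17/Sep/2022:18:20:05 +0000] "GET /jira/plugins/servlet/groupexportforjira/admin/?x=1 HTTP/1.1" 200 48211',
    '192.0.2.15 - alice [17/Sep/2022:18:21:40 +0000] "GET /plugins/servlet/groupexportforjira/admin/ HTTP/1.1" 200 48190',
    '203.0.113.9 - - [17/Sep/2022:18:22:13 +0000] "GET /plugins/servlet/groupexportforjira/admin/ HTTP/1.1" 302 0',
    '203.0.113.9 - - [17/Sep/2022:18:22:14 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 9120',
]

if __name__ == "__main__":
    for hit in find_anonymous_exports(SAMPLE_LOG):
        print(hit)
```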

Jira Service Side Scraping

The Atlassian Jira Service Side Scraping vulnerability allows an attacker with control over a victim’s Jira instance to install arbitrary code on the service side of the Jira instance. This vulnerability can be exploited by sending a request to a plugins/servlet/jsp/ajs/admin/ URI with a jsp file that contains a malicious script.
An attacker with control over a victim’s Jira instance could use this flaw to install arbitrary code on the service side of the Jira instance. The upload functionality does not perform any authorization checks, allowing an attacker to install any jsp file that could be used to perform various attacks against the Jira instance. For example, the attacker could install jsp files to inject malicious scripts

Updateable Views CVE-2018-13286

A low privileged user could upload or edit a jsp file via the “Add new custom view” or “Edit view” functionality in the administration interface. An attacker with control over a victim’s Jira instance could use this flaw to upload a file that would be used to perform various attacks against the Jira instance. For example, an attacker could upload a jsp file to inject malicious JavaScript code into a view.

Timeline

Published on: 09/17/2022 18:15:00 UTC
Last modified on: 09/21/2022 06:21:00 UTC
