Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneJohnstoneH1:632808
HistoryJun 30, 2019 - 12:11 p.m.

Starbucks: Information disclosure on sim.starbucks.com

2019-06-3012:11:42
johnstone
hackerone.com
132

EPSS

0.971

Percentile

99.8%

JSON

Description:
Hi,there.I found the sim.starbucks.com host deployed the jira server which version is 7.9.2,there is many public vulnerability on this low version.

Information disclosured vulnerability
1.(CVE-2019-3403)https://jira.atlassian.com/browse/JRASERVER-69242
visit the URL address,you can check the user whether is exist on this host

https://sim.starbucks.com/rest/api/2/user/picker?query=admin

So the attacker can enumerate all existing users on this jira server.

2.(CVE-2019-8442)https://jira.atlassian.com/browse/JRASERVER-69241
visit the URL address,the server will leaking some server’s information

https://sim.starbucks.com/s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml

Recommendations for fix

updated the jira server’s version or fixed

PS:Can starbucks’s team check my other report #533836 status?the report is not updated for too long.
Thank you.looking forward for your reply.
Best regards!
@johnstone

Impact

Leaking some information about the server

Related

nessus 5
nuclei 2
hackerone 3
atlassian 4
nvd 2
symantec 1
githubexploit 1
cve 2
prion 2
cvelist 2
dsquare 1
openvas 1
nessus
nessus
Atlassian Jira 8.1.0 < 8.1.1 Multiple Vulnerabilities
2023-03-14 00:00:00
Atlassian Jira 7.13.0 < 7.13.4 Multiple Vulnerabilities
2023-03-14 00:00:00
Atlassian Jira 8.0.0 < 8.0.4 Multiple Vulnerabilities
2023-03-14 00:00:00
nuclei
nuclei
Jira - Incorrect Authorization
2021-02-16 16:55:16
Jira - Local File Inclusion
2020-10-02 19:50:52
hackerone
hackerone
U.S. Dept Of Defense: CVE-2019-3403 on https://████/rest/api/2/user/picker?query=
2021-04-03 18:52:05
Mail.ru: Path traversal lead to LFR via [CVE-2019-3394]
2020-09-12 21:50:28
OneWeb: Vulnerable Jira Instance
2021-09-27 14:44:08
atlassian
atlassian
Information disclosure in the /rest/api/2/user/picker rest resource - CVE-2019-3403
2019-04-29 03:57:01
Information disclosure in the /rest/api/2/user/picker rest resource - CVE-2019-3403
2019-04-29 03:57:01
Lax path access check allowing access to webroot files in the META-INF directory in the CachingResourceDownloadRewriteRule class - CVE-2019-8442
2019-04-29 03:50:39
nvd
nvd
CVE-2019-3403
2019-05-22 18:29:00
CVE-2019-8442
2019-05-22 18:29:02
symantec
symantec
Atlassian JIRA CVE-2019-3403 Information Disclosure Vulnerability
2019-04-29 00:00:00
githubexploit
githubexploit
Exploit for Incorrect Authorization in Atlassian Jira
2021-03-18 22:36:58
cve
cve
CVE-2019-3403
2019-05-22 18:29:00
CVE-2019-8442
2019-05-22 18:29:02
prion
prion
Authentication flaw
2019-05-22 18:29:00
Design/Logic Flaw
2019-05-22 18:29:00
cvelist
cvelist
CVE-2019-3403
2019-05-22 17:35:03
CVE-2019-8442
2019-05-22 17:39:14
dsquare
dsquare
Atlassian JIRA File Disclosure
2019-11-08 00:00:00
openvas
openvas
'/_/WEB-INF/' Information Disclosure Vulnerability (HTTP)
2021-10-06 00:00:00

EPSS

0.971

Percentile

99.8%

JSON
Related for H1:632808
nessus5nuclei2hackerone3atlassian4nvd2symantec1githubexploit1cve2prion2cvelist2dsquare1openvas1