
Web JIRA LOGIN PORTAL EXPLOITS CVE-2020-14181 / ETC

WujingKlaus

LESS UPDATED JIRA LOGIN PORTALS ARE VULNERABLE TO MANY CVES, WHICH HELPS IN BUG BOUNTY / PENTESTING.

FIRST USE DORKS ON TARGET TO FIND JIRA.

DORKS TO USE:
1. site:*..TLD inurl:jira login
2. inurl:company name intitle:jira login

THEN MANUALLY CHECK VERSION VIA VIEW SOURCE CODE: KEYWORD IN SOURCE => data-version
IF NOT UPDATED TO CURRENT, USE THIS TOOL TO EXPLOIT CVES ON TARGET,

Happy hunting / Pentesting
 
Sounds good. Assuming this applies to Jira instances that are self-hosted, because otherwise Jira (main) would be patched by now.

Ty for sharing
Yes, it applies to Jira instances .. for big scopes (*) on bug hunts.
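
For teams checking their own self-hosted Jira instances, the `data-version` check described in the thread can be scripted against saved login-page HTML and compared with a patch baseline per release branch. This is an added example, not code from the thread; the baseline versions, instance labels and sample HTML are constructed placeholders.

```python
import re

# Placeholder baselines (assumption): per release branch, the first build your
# own advisory review treats as patched. Not taken from the post or a vendor.
BASELINES = {(8, 5): (8, 5, 99), (8, 13): (8, 13, 99)}

ATTR = re.compile(r'data-version\s*=\s*(["\'])(.*?)\1', re.IGNORECASE)

def parse_version(text):
    """'8.5.1' or '8.13.0-m01' -> (8, 5, 1) / (8, 13, 0); None if not numeric."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(0).split("."))
    return (parts + (0, 0, 0))[:3]   # pad a short version such as '8.5'

def extract_data_version(html):
    """Read the data-version attribute the post says to look for."""
    m = ATTR.search(html)
    return parse_version(m.group(2)) if m else None

def assess(html, baselines=BASELINES):
    version = extract_data_version(html)
    if version is None:
        return "unknown"            # attribute absent or unparsable
    fixed = baselines.get(version[:2])
    if fixed is None:
        return "untracked-branch"   # no baseline recorded: review by hand
    return "current" if version >= fixed else "behind"

def audit(pages, baselines=BASELINES):
    """pages maps an instance label to its saved login-page HTML."""
    return {name: assess(html, baselines) for name, html in pages.items()}

# Constructed sample pages for instances you operate (not real captures).
SAMPLE_PAGES = {
    "jira-a": '<body id="jira" data-version="8.5.1" class="aui-layout">',
    "jira-b": "<body data-version='8.13.99'>",
    "jira-c": '<body data-version="7.6.0">',
    "proxy": "<html><body>login</body></html>",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_PAGES).items():
        print(f"{name}: {status}")
```

An `unknown` result means the attribute was not in the saved page, so that instance needs its version confirmed another way before it is treated as patched.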
 

