Exploit for Jira <8.4.0 - Server-Side Request Forgery (CVE-2019-8451)

Description:

Jira before 8.4.0 is susceptible to server-side request forgery (SSRF). The /plugins/servlet/gadgets/makeRequest resource is affected by a logic bug in the JiraWhitelist class, which can allow an attacker to access the content of internal network resources and thus modify data and/or execute unauthorized operations.

Nuclei Template

View the template here: CVE-2019-8451.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-8451.yaml

References:

https://jira.atlassian.com/browse/JRASERVER-69793
https://nvd.nist.gov/vuln/detail/CVE-2019-8451
https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
https://github.com/merlinepedra/nuclei-templates
https://hackerone.com/reports/713900