.. / CVE-2022-39960

Exploit for Jira Netic Group Export <1.0.3 - Missing Authorization (CVE-2022-39960)

Description:

Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.

Nuclei Template

View the template here CVE-2022-39960.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-39960.yaml
Copy

References:

https://gist.github.com/CveCt0r/ca8c6e46f536e9ae69fc6061f132463e
https://marketplace.atlassian.com/apps/1222388/group-export-for-jira/version-history
https://nvd.nist.gov/vuln/detail/CVE-2022-39960
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/Henry4E36/POCS