This repository contains a Python script designed to exploit CVE-2020-14179, a vulnerability affecting Atlassian Jira Server and Data Center versions prior to 8.5.8 and from 8.6.0 to 8.11.1. The vulnerability allows remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa
endpoint.
The script sends HTTP requests to a specified URL or a list of URLs and checks if the target is vulnerable to CVE-2020-14179 by analyzing the response for specific searchers.
- Published: 2020-09-21
- CVE ID: CVE-2020-14179
- Impact: Sensitive Information Disclosure
- Affected Versions:
- Atlassian Jira Server and Data Center versions before 8.5.8
- Atlassian Jira Server and Data Center versions from 8.6.0 to 8.11.1
- Python 3.x
- Required Python packages (install using
pip install -r requirements.txt
)
python3 main.py --url <target_url>
python3 main.py --list <file_path>
--dump
: Save the response data(json) for further analysis.
To mitigate the vulnerability, it is recommended to update Atlassian Jira Server and Data Center to version 8.5.8 or later. Additionally, users should follow security best practices and regularly update their software to protect against known vulnerabilities.
This project is licensed under the MIT License.