Atlassian JIRA Setup - Installer

By kannthu

High
Vidoc Module
#misconfig #jira #atlassian #installer
Description

What is the "Atlassian JIRA Setup - Installer" module?

The "Atlassian JIRA Setup - Installer" module is a test case designed to detect misconfigurations in the Atlassian JIRA software. JIRA is a popular project management tool used by organizations to track and manage their projects. This module focuses on identifying vulnerabilities related to the JIRA setup process. It has a high severity level, indicating that the identified misconfigurations can potentially lead to security risks.

This module was authored by ritikchaddha.

Impact

If the module detects a misconfiguration in the JIRA setup, it means that the installation process of JIRA has not been properly configured. This can result in various security vulnerabilities, potentially exposing sensitive data or allowing unauthorized access to the system. It is crucial to address any identified misconfigurations promptly to ensure the security and integrity of the JIRA installation.

How does the module work?

The "Atlassian JIRA Setup - Installer" module works by sending HTTP requests to specific endpoints in the JIRA application. It then applies matching conditions to determine if a misconfiguration is present. One example of an HTTP request sent by this module is a GET request to the "/secure/SetupMode!default.jspa" path.

The module uses two matching conditions to identify misconfigurations:

- Matcher 1: It checks the response body for specific words such as "JIRA - JIRA setup" and "jira.webresources:jira-setup". If any of these words are found, it indicates a potential misconfiguration.
- Matcher 2: It verifies that the HTTP response status is 200, indicating a successful request. If the status is different, the module does not consider it a match.

By combining these matching conditions, the module can accurately detect misconfigurations in the JIRA setup process.
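The two matchers described above can be reproduced for checking a Jira instance you administer. This is an added example, not the module's own code; the names `Response`, `evaluate`, `fetch` and `SAMPLES` are hypothetical, the sample responses are constructed, and case-sensitive substring matching is an assumption.

```python
import urllib.error
import urllib.request
from dataclasses import dataclass

SETUP_PATH = "/secure/SetupMode!default.jspa"  # path from the module description
SETUP_WORDS = ("JIRA - JIRA setup", "jira.webresources:jira-setup")  # Matcher 1 words

@dataclass
class Response:
    status: int
    body: str

def evaluate(resp: Response) -> dict:
    """Apply Matcher 1 (any word in body) AND Matcher 2 (status 200)."""
    # Assumption: words are matched as case-sensitive substrings.
    words = [w for w in SETUP_WORDS if w in resp.body]
    return {"exposed": bool(words) and resp.status == 200,
            "words": words, "status": resp.status}

def fetch(base_url: str, timeout: float = 10.0) -> Response:
    """GET the setup path on a Jira instance you administer."""
    url = base_url.rstrip("/") + SETUP_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            return Response(r.status, r.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:  # 4xx/5xx responses still carry a body
        return Response(e.code, e.read().decode("utf-8", "replace"))

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "unfinished setup": Response(200, "<title>JIRA - JIRA setup</title>"
        '<meta name="resources" content="jira.webresources:jira-setup">'),
    "configured instance": Response(200, "<title>System Dashboard - Jira</title>"),
    "error page echoing title": Response(404, "<title>JIRA - JIRA setup</title>"),
    "one word only": Response(200, "<script>jira.webresources:jira-setup</script>"),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(f"{name:26} -> {evaluate(resp)}")
```

The 404 sample shows why the status matcher matters: a setup word in the body alone does not produce a finding.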

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /secure/SetupMode!de...
Matching conditions
word: JIRA - JIRA setup, jira.webresources:jir... and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability