By kannthu
The "Jira Unauthenticated Access to screens" module is designed to detect misconfigurations in Jira, an Atlassian software used for project management and issue tracking. This module focuses on identifying unauthenticated access to screens, which can pose a security risk. The severity of this module is informative, meaning it provides valuable information but does not directly indicate a vulnerability. The original author of this module is TESS.
Unauthenticated access to screens in Jira can potentially expose sensitive information, such as project details, issue descriptions, and user data. This module helps identify instances where unauthorized users can view screens without proper authentication, highlighting potential security weaknesses.
The module sends an HTTP GET request to the "/rest/api/2/screens" endpoint in Jira. It then applies several matching conditions to determine if unauthenticated access to screens is possible. The matching conditions include:
- Checking for the presence of specific words in the response, such as "id", "name", and "description".
- Verifying that the response status is 200 (OK).
- Checking for the presence of the "atlassian.xsrf.token" header.

If all of these conditions are met, the module reports a potential misconfiguration of unauthenticated access to screens in Jira.
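The matching logic described above, as an added Python example (not the module's own code) for triaging a finding on an instance you administer. It applies the three conditions to a recorded response and then adds a stricter JSON check, because the body words alone also match ordinary HTML. The function names, the sample responses, the search of header values as well as names, and the accepted JSON shapes are assumptions of this example.

```python
import json

# Words the module looks for in the response body (from the description above).
BODY_WORDS = ("id", "name", "description")
XSRF_MARKER = "atlassian.xsrf.token"


def module_match(status, headers, body):
    """Apply the three matchers: status 200, body words, XSRF marker in headers."""
    # Assumption: the marker may appear in a header value (e.g. a cookie),
    # so header names and values are searched together.
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    return (
        status == 200
        and all(word in body for word in BODY_WORDS)
        and XSRF_MARKER in header_blob
    )


def exposed_screens(status, headers, body):
    """Stricter follow-up: return screen names only if the body is a screens list."""
    if not module_match(status, headers, body):
        return []
    try:
        data = json.loads(body)
    except ValueError:
        return []  # words matched on a non-JSON page: treat as a false positive
    # Assumption: the list is either a bare array or sits under a "values" key.
    items = data.get("values", []) if isinstance(data, dict) else data
    if not isinstance(items, list):
        return []
    return [s["name"] for s in items
            if isinstance(s, dict) and "id" in s and "name" in s]


# Constructed sample responses (not captured from any real instance).
JIRA_HEADERS = {"Set-Cookie": "atlassian.xsrf.token=CONSTRUCTED_lout; Path=/"}
OPEN = (200, JIRA_HEADERS,
        '[{"id": 1, "name": "Default Screen", "description": "Constructed sample"}]')
DENIED = (401, JIRA_HEADERS, '{"errorMessages": ["You are not authenticated."]}')
HTML = (200, JIRA_HEADERS,
        '<html><input id="u" name="user"><meta name="description"></html>')

if __name__ == "__main__":
    for label, resp in (("open", OPEN), ("denied", DENIED), ("html", HTML)):
        print(label, module_match(*resp), exposed_screens(*resp))
```

The constructed HTML response satisfies all three of the module's conditions yet yields no screens, which is the case worth checking by hand before treating a finding as a real exposure.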
For more information, you can refer to the official Jira API documentation.
Metadata:
max-request: 1
shodan-query: http.component:"Atlassian Jira"