Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Jira Unauthenticated Admin Projects" module is a test case designed to detect misconfigurations in Atlassian Jira. It targets the admin menu endpoint and checks for specific keywords, a successful response status, and the presence of an Atlassian XSRF token in the header. This module has an informative severity level and was authored by TESS.
This module does not have a direct impact on the system. Instead, it helps identify potential misconfigurations in the admin projects functionality of Atlassian Jira. By detecting these misconfigurations, system administrators can take appropriate actions to secure their Jira instances.
The "Jira Unauthenticated Admin Projects" module works by sending an HTTP GET request to the "/rest/menu/latest/admin" endpoint of the target Jira instance. It then applies several matching conditions to determine if the response indicates a misconfiguration. These conditions include checking for specific keywords in the response body, a successful response status of 200, and the presence of the "atlassian.xsrf.token" header.
Here is an example of the HTTP request sent by the module:
GET /rest/menu/latest/admin
The module matches the response against the following conditions:
- The response body must contain the keywords "key", "link", "label", and "self".
- The response status must be 200.
- The "atlassian.xsrf.token" header must be present.

By analyzing the response against these matching conditions, the module can identify potential misconfigurations in the admin projects functionality of Atlassian Jira.
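The three matching conditions above, applied to a raw HTTP response, as an added Python illustration (this is not Vidoc's or the module author's code). The sample responses are constructed for the example; the function and variable names are my own. One assumption is spelled out in the code: "the header is present" is read as the token name appearing anywhere in the header block, so a `Set-Cookie` line that carries `atlassian.xsrf.token` also satisfies the condition.

```python
"""Evaluate the "Jira Unauthenticated Admin Projects" matching conditions
against a raw HTTP response.  Added example; not the module's own matcher."""

from __future__ import annotations
from dataclasses import dataclass

# Conditions as stated in the module description.
REQUIRED_WORDS = ("key", "link", "label", "self")
REQUIRED_STATUS = 200
REQUIRED_HEADER_TOKEN = "atlassian.xsrf.token"


@dataclass
class Response:
    status: int
    headers: list[tuple[str, str]]  # (name, value) pairs, order preserved
    body: str


def parse_raw_response(raw: str) -> Response:
    """Split a raw HTTP/1.x response into status code, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])  # "HTTP/1.1 200 OK" -> 200
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return Response(status, headers, body)


def evaluate(raw: str) -> dict[str, bool]:
    """Return each condition's result plus the overall match (all must hold)."""
    resp = parse_raw_response(raw)
    body_ok = all(word in resp.body for word in REQUIRED_WORDS)
    status_ok = resp.status == REQUIRED_STATUS
    # Assumption: "header present" means the token name occurs anywhere in the
    # header block (as a header name or inside a value such as Set-Cookie).
    header_blob = "\n".join(f"{n}: {v}" for n, v in resp.headers).lower()
    header_ok = REQUIRED_HEADER_TOKEN in header_blob
    return {
        "body_ok": body_ok,
        "status_ok": status_ok,
        "header_ok": header_ok,
        "matched": body_ok and status_ok and header_ok,
    }


# Constructed sample responses (not captured from any real instance).
SAMPLE_MATCH = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Set-Cookie: atlassian.xsrf.token=EXAMPLE-TOKEN; Path=/\r\n"
    "\r\n"
    '{"key":"admin_menu","link":"/secure/admin","label":"Projects",'
    '"self":"/rest/menu/latest/admin"}'
)

# Same body, but no XSRF token anywhere in the headers: must not match.
SAMPLE_NO_TOKEN = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"key":"admin_menu","link":"/secure/admin","label":"Projects",'
    '"self":"/rest/menu/latest/admin"}'
)

# Authentication enforced: status condition fails, so the module stays quiet.
SAMPLE_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Content-Type: application/json\r\n"
    "Set-Cookie: atlassian.xsrf.token=EXAMPLE-TOKEN; Path=/\r\n"
    "\r\n"
    '{"errorMessages":["Client must be authenticated to access this resource."]}'
)


if __name__ == "__main__":
    for name, sample in (("match", SAMPLE_MATCH),
                         ("no token", SAMPLE_NO_TOKEN),
                         ("401", SAMPLE_401)):
        print(name, evaluate(sample))
```

Because every condition must hold, an administrator checking a Jira instance after restricting anonymous access to the admin menu should see `status_ok` turn false; the per-condition output makes it clear which part of the signature still holds if the finding persists.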