Jira Unauthenticated Resolutions

By kannthu

Informative
Vidoc Module
#atlassian #jira
Description

Jira Unauthenticated Resolutions

What is the "Jira Unauthenticated Resolutions" module?

The "Jira Unauthenticated Resolutions" module is a test case that detects a misconfiguration in Jira, Atlassian's issue-tracking and project-management software: a REST API resolution endpoint that answers requests carrying no authentication at all (no session cookie, no basic credentials, no API token).

Severity: Informative

Author: TESS

Impact

This module flags Jira instances whose REST API serves the resolution endpoint to anonymous callers. The endpoint is read-only and returns only the configured resolution definitions (names and descriptions), which is why the finding is rated Informative: an attacker cannot change anything through it. Its value is as a signal that anonymous access to the Jira REST API is enabled. That lets an unauthenticated party fingerprint the instance and enumerate parts of its configuration, and it indicates that other unauthenticated REST endpoints on the same instance should be checked for more sensitive data.

How does the module work?

The "Jira Unauthenticated Resolutions" module works by sending a single GET request, with no credentials attached, to the "/rest/api/2/resolution" endpoint of the target Jira instance. It then applies a set of matching conditions to decide whether the endpoint answered as it would for an authenticated user.

Matching conditions (all three must hold):

- The response status code is 200.
- The response body contains the words "self", "description" and "name". These are the fields of each resolution object in the JSON array Jira returns, so their presence indicates that real resolution data came back rather than a login page or error document.
- The response headers contain the string "atlassian.xsrf.token". Jira sets its XSRF token as a cookie, so this appears in a Set-Cookie header; the check confirms the responder is actually Jira and not some other application that returns 200 for any path.

If all three conditions are met, the module reports a finding indicating that the resolution endpoint is reachable without authentication.

Example HTTP request:

GET /rest/api/2/resolution

Note: The above example is a simplified representation of the HTTP request used by the module.
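The following script is an added example and is not Vidoc's module code. It re-implements the three matching conditions described above in plain Python, shows what an anonymous caller actually learns from a matching response (the resolution names), and exercises the matcher against three constructed responses: a Jira instance with anonymous access enabled, a Jira instance that demands login (status check fails), and a non-Jira application that happens to return 200 with similar field names (header check fails). The hostnames, token value and JSON bodies are all made up for illustration; `check()` is the only part that talks to a live host.

```python
"""
Offline re-implementation of the "Jira Unauthenticated Resolutions" check.
Added example, not Vidoc's module code. All sample responses are constructed.
"""
import json
import urllib.error
import urllib.request

RESOLUTION_PATH = "/rest/api/2/resolution"
REQUIRED_WORDS = ("self", "description", "name")   # body matcher
XSRF_MARKER = "atlassian.xsrf.token"                # header matcher


def matches(status, headers, body):
    """All three of the module's conditions must hold (logical AND)."""
    if status != 200:
        return False
    if not all(word in body for word in REQUIRED_WORDS):
        return False
    # Jira sets the XSRF token as a cookie, so the marker shows up in Set-Cookie.
    header_text = "\n".join(f"{name}: {value}" for name, value in headers)
    return XSRF_MARKER in header_text


def resolution_names(body):
    """What an anonymous caller learns on a match: the configured resolution names."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return []
    return [item.get("name", "") for item in data if isinstance(item, dict)]


def check(base_url, timeout=10):
    """Send the unauthenticated GET and run the matcher. Returns (matched, status, names)."""
    url = base_url.rstrip("/") + RESOLUTION_PATH
    req = urllib.request.Request(url, method="GET",
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, headers = resp.status, resp.getheaders()
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:          # 401/403 responses still carry headers and a body
        status, headers = err.code, list(err.headers.items())
        body = err.read().decode("utf-8", "replace")
    return matches(status, headers, body), status, resolution_names(body)


# --- constructed sample responses (hostnames, token and data are invented) ---
SAMPLE_OPEN = {   # anonymous access enabled: the module reports a match
    "status": 200,
    "headers": [("Content-Type", "application/json;charset=UTF-8"),
                ("Set-Cookie", "atlassian.xsrf.token=EXAMPLE_TOKEN; Path=/")],
    "body": json.dumps([
        {"self": "https://jira.example.test/rest/api/2/resolution/10000",
         "id": "10000", "description": "Work has been completed.", "name": "Done"},
        {"self": "https://jira.example.test/rest/api/2/resolution/10001",
         "id": "10001", "description": "This issue won't be actioned.", "name": "Won't Do"},
    ]),
}
SAMPLE_LOGIN_REQUIRED = {   # anonymous access disabled: the status check fails
    "status": 401,
    "headers": [("Content-Type", "application/json;charset=UTF-8"),
                ("Set-Cookie", "atlassian.xsrf.token=EXAMPLE_TOKEN; Path=/")],
    "body": json.dumps({"errorMessages": ["Client must be authenticated"], "errors": {}}),
}
SAMPLE_NOT_JIRA = {   # some other app answering 200 with similar fields: the header check fails
    "status": 200,
    "headers": [("Content-Type", "application/json"), ("Server", "nginx")],
    "body": json.dumps([{"self": "/api/x", "description": "d", "name": "n"}]),
}


if __name__ == "__main__":
    for label, sample in [("open", SAMPLE_OPEN),
                          ("login required", SAMPLE_LOGIN_REQUIRED),
                          ("not jira", SAMPLE_NOT_JIRA)]:
        hit = matches(sample["status"], sample["headers"], sample["body"])
        print(f"{label:15} -> match={hit} names={resolution_names(sample['body'])}")
    # Live use against a host you are authorised to test:
    # print(check("https://jira.example.test"))
```

The third sample is the reason the module carries the header condition at all: a catch-all front end that returns 200 and a JSON body for every path would otherwise satisfy the status and body checks, so requiring the Jira-specific XSRF cookie keeps the finding tied to a real Jira instance.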

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /rest/api/2/resoluti...
Matching conditions
word: self, description, name
and
status: 200
and
word: atlassian.xsrf.token
Passive global matcher
No matching conditions.
On match action
Report vulnerability