Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Jira Unauthenticated Resolutions" module is a test case designed to detect misconfigurations in Jira, Atlassian's issue-tracking and project-management software. The module checks whether the resolution endpoint of a Jira instance can be read without authentication.
Severity: Informative
Author: TESS
This module aims to identify potential security risks related to unauthenticated access to the resolution endpoint in Jira. If misconfigured, this could allow unauthorized users to view or modify resolution data, potentially leading to data breaches or unauthorized changes to issue resolutions.
The "Jira Unauthenticated Resolutions" module works by sending a GET request to the "/rest/api/2/resolution" endpoint in Jira instances. It then applies a set of matching conditions to determine if the endpoint is accessible without authentication.
Matching conditions:
- The response status code must be 200.
- The response must contain the words "self", "description" and "name" in any part of the response.
- The response headers must include the string "atlassian.xsrf.token".

If all the matching conditions are met, the module reports a potential vulnerability, indicating that unauthenticated access to the resolution endpoint is possible.
Example HTTP request:
GET /rest/api/2/resolution
Note: The above example is a simplified representation of the HTTP request used by the module.
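The following is an added example, not the module's own code: it implements the three matching conditions above in Python and applies them to constructed sample responses, so an operator can reproduce the module's verdict on their own Jira instance. The check_instance helper and the sample bodies and cookie values are assumptions, not captured from a real instance.

```python
import json
from urllib.request import Request, urlopen
from urllib.error import HTTPError

ENDPOINT = "/rest/api/2/resolution"
REQUIRED_WORDS = ("self", "description", "name")
HEADER_MARKER = "atlassian.xsrf.token"


def matches(status, headers, body):
    """Apply the module's matching conditions to one HTTP response.

    headers: iterable of (name, value) pairs (duplicates such as several
    Set-Cookie headers are preserved); body: decoded response text.
    """
    if status != 200:
        return False
    if not all(word in body for word in REQUIRED_WORDS):
        return False
    # The marker is searched anywhere in the headers; Jira normally
    # sends it inside a Set-Cookie header.
    header_blob = "\n".join(f"{name}: {value}" for name, value in headers)
    return HEADER_MARKER in header_blob


def check_instance(base_url, timeout=10):
    """Hypothetical helper: fetch the endpoint anonymously from a Jira
    instance you operate and return (matched, status_code)."""
    req = Request(base_url.rstrip("/") + ENDPOINT,
                  headers={"Accept": "application/json"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            status, headers = resp.status, list(resp.headers.items())
            body = resp.read().decode("utf-8", errors="replace")
    except HTTPError as err:  # 401/403 still carries headers and a body
        status, headers = err.code, list(err.headers.items())
        body = err.read().decode("utf-8", errors="replace")
    return matches(status, headers, body), status


# Constructed sample responses (not captured from a real instance).
EXPOSED = (200,
           [("Content-Type", "application/json"),
            ("Set-Cookie", "atlassian.xsrf.token=EXAMPLE-TOKEN_lout; Path=/")],
           json.dumps([{"self": "https://jira.example.invalid/rest/api/2/resolution/1",
                        "id": "1", "description": "Work has been completed.",
                        "name": "Fixed"}]))
DENIED = (401,
          [("Content-Type", "text/html"),
           ("Set-Cookie", "atlassian.xsrf.token=EXAMPLE-TOKEN_lout; Path=/")],
          "<html>Unauthorized</html>")
```

Because the body condition only looks for three common words, an empty list or an error page that happens to contain them still needs a manual look before the finding is treated as confirmed.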