By kannthu
The "Jira Unauthenticated User Picker" module is a test case designed to detect misconfigurations in Atlassian Jira. It focuses on the user picker functionality and aims to identify vulnerabilities or potential security issues related to this feature. The module has an informative severity level: it provides insight without indicating an immediate threat. The original author of this module is TechbrunchFR.
This module helps identify misconfigurations or vulnerabilities in the user picker functionality of Atlassian Jira, so that administrators can take appropriate action to secure their Jira instances and protect sensitive user information.
The module performs its scan with an HTTP request template and a matching condition. It sends a GET request to the "/secure/popups/UserPickerBrowser.jspa" path in Jira, then checks whether the response contains the term "user-picker". If this condition is met, the module reports a vulnerability.
The response from the user picker functionality therefore shows whether a misconfiguration or vulnerability may exist. Administrators can use this information to address the issue and ensure the security of their Jira installations.
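For administrators who want to run the same check against a Jira instance they operate, here is an added example (not the module's own code) that applies the request path and "user-picker" match described above. The finding labels, the status-code handling for login redirects and denials, and the sample response bodies are assumptions made for illustration.

```python
import urllib.error
import urllib.request

PICKER_PATH = "/secure/popups/UserPickerBrowser.jspa"  # path named on the page
MARKER = "user-picker"                                  # matcher term named on the page

# Constructed sample bodies (not captured from a real Jira instance).
SAMPLE_EXPOSED = '<form id="user-picker" action="UserPickerBrowser.jspa">...</form>'
SAMPLE_LOGIN = '<form id="login-form" action="/login.jsp">...</form>'


def matches_module(body: str) -> bool:
    """The module's matching condition: the response contains the marker term."""
    return MARKER in body


def classify(status: int, body: str) -> str:
    """Label one unauthenticated response (labels are this example's, not Jira's)."""
    if matches_module(body):
        return "exposed"        # picker rendered without a session
    if status in (301, 302, 303, 307, 308, 401, 403):
        return "protected"      # assumption: redirect or denial means access is gated
    return "inconclusive"       # e.g. 404 behind a proxy, custom error page


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects, so a bounce to the login page stays visible."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def check_instance(base_url: str, timeout: float = 10.0) -> str:
    """Send the module's GET request, with no credentials, to your own instance."""
    url = base_url.rstrip("/") + PICKER_PATH
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # raised for 3xx (not followed), 4xx, 5xx
        status, body = err.code, err.read().decode("utf-8", "replace")
    return classify(status, body)


if __name__ == "__main__":
    print(classify(200, SAMPLE_EXPOSED))  # constructed exposed response
    print(classify(302, ""))              # constructed login redirect
    print(classify(200, SAMPLE_LOGIN))    # constructed page without the marker
```

A result of "inconclusive" means the marker was absent and the status gave no clear signal, so the response should be inspected by hand.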