CVE-2019-8451

Published: 11/09/2019 Updated: 28/03/2022
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9
VMScore: 572
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote malicious users to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.

Vulnerable Product

atlassian jira server

Github Repositories

One stop place for exploiting Jira instances in your proximity

Jiraffe Jiraffe - One stop place for exploiting all Jira instances in your proximity Installation    |    Usage    |    Demo    |    Documentation Features Jiraffe is a sem

POC to check for Jira instances vulnerable to CVE-2019-8451

Jira CVE-2019-8451 POC. Description: Proof of concept scan to check if a Jira host is vulnerable to CVE-2019-8451. CVE-2019-8451 is a pre-authentication server side request forgery (SSRF) vulnerability found in the /plugins/servlet/gadgets/makeRequest resource. This vulnerability was introduced in Jira server version 7.6.0, and fixed in versions 7.13.9 and 8.4.0. Req

Jira unauthenticated SSRF vulnerability

CVE-2019-8451 Jira unauthenticated SSRF vulnerability python usage python CVE-2019-8451py wwwjas502ncom:8080 root@kali:~/CVE-2019-8451# python CVE-2019-8451py wwwjas502ncom:8080 >>>>SSRF URL: wwwbaiducom >>>>Send poc Success! X-AUSERNAME= anonymous >>>>vuln_url= wwwjas502nc

Fast http batch request tool

hb Fast http batch request tool Installing bash buildsh Example Load File Target /hb -f ipstxt -p 80 Add HTTP Header -H "Host: bypasscdn" Show ProgressBar -pg Follow redirect (30x) -redirect

https://jira.atlassian.com/browse/JRASERVER-69793

CVE-2019-8451 https://jira.atlassian.com/browse/JRASERVER-69793 host:port/plugins/servlet/gadgets/makeRequest?url={}:{}@{}'.format(host, port, target)
