Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-01-01 15:58:49 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/pentesting/pentesting-web/jira.md

18 lines
756 B
Markdown
Raw Normal View History

GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
# JIRA
### Check Privileges
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
Inside a Jira instance **any user** (even **non-authenticated**) can **check its privileges** in `/rest/api/2/mypermissions` or `/rest/api/3/mypermissions` . These endpoints will return your current privileges.\
If a **non-authenticated** user have any **privilege**, this is a **vulnerability **(bounty?).\
If an **authenticated **user have any **unexpected privilege**, this a a **vuln**.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```bash
#Check non-authenticated privileges
curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"havePermission": true'
```
GitBook: [master] one page modified
2021-07-26 11:23:34 +00:00
### Automated enumeration
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
GitBook: [master] one page modified
2021-07-26 11:23:34 +00:00
* [https://github.com/0x48piraj/Jiraffe](https://github.com/0x48piraj/Jiraffe)
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
* [https://github.com/bcoles/jira_scan](https://github.com/bcoles/jira_scan)
Reference in a new issue Copy permalink