mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-29 14:33:10 +00:00
JIRA
Check Privileges
Inside a Jira instance, any user, even a **non-authenticated** one, can check their privileges at `/rest/api/2/mypermissions` or `/rest/api/3/mypermissions`. These endpoints return your current privileges.
If a non-authenticated user has any privilege, this is a vulnerability (bounty?).
If an authenticated user has any unexpected privilege, this is a vuln.
```bash
# Check non-authenticated privileges
curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"havePermission": true'
```
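For auditing your own instance, the same check can be done by parsing the JSON instead of grepping it. This is an added example, not part of the original page: the sample response is constructed, and the function names and the `expected` allowlist are assumptions.

```python
import json
import sys

# Constructed sample shaped like a /rest/api/2/mypermissions response body
# (not captured from a real instance).
SAMPLE = """
{"permissions": {
  "BROWSE_PROJECTS": {"id": "10", "key": "BROWSE_PROJECTS", "name": "Browse Projects",
                      "type": "PROJECT", "description": "...", "havePermission": true},
  "CREATE_ISSUES":   {"id": "11", "key": "CREATE_ISSUES", "name": "Create Issues",
                      "type": "PROJECT", "description": "...", "havePermission": false},
  "ADD_COMMENTS":    {"id": "15", "key": "ADD_COMMENTS", "name": "Add Comments",
                      "type": "PROJECT", "description": "...", "havePermission": true},
  "ADMINISTER":      {"id": "0", "key": "ADMINISTER", "name": "Jira Administrators",
                      "type": "GLOBAL", "description": "...", "havePermission": false}
}}
"""


def granted(body):
    """Return the sorted permission keys whose havePermission is true.

    Raises ValueError if the body is not JSON (for example an HTML login page).
    """
    perms = json.loads(body).get("permissions", {})
    return sorted(k for k, v in perms.items() if v.get("havePermission") is True)


def unexpected(body, expected=frozenset()):
    """Return granted permissions that are not in the expected allowlist.

    With the default empty allowlist (the anonymous case), every granted
    permission is reported.
    """
    return [k for k in granted(body) if k not in expected]


if __name__ == "__main__":
    # Read a saved response from a file argument, or fall back to the sample.
    body = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    findings = unexpected(body)
    for key in findings:
        print("granted without authentication:", key)
    sys.exit(1 if findings else 0)
```

Pass a project's intended anonymous permissions as `expected` to report only the grants that were not planned.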