hacktricks/network-services-pentesting/pentesting-web/jira.md

5.1 KiB

JIRA

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

If you are interested in hacking career and hack the unhackable - we are hiring! (fluent polish written and spoken required).

{% embed url="https://www.stmcyber.com/careers" %}

Check Privileges

In Jira, privileges can be checked by any user, authenticated or not, through the endpoints /rest/api/2/mypermissions or /rest/api/3/mypermissions. These endpoints reveal the user's current privileges. A notable concern arises when non-authenticated users hold privileges, indicating a security vulnerability that could potentially be eligible for a bounty. Similarly, unexpected privileges for authenticated users also highlight a vulnerability.

An important update was made on 1st February 2019, requiring the 'mypermissions' endpoint to include a 'permission' parameter. This requirement aims to enhance security by specifying the privileges being queried: check it here

  • ADD_COMMENTS
  • ADMINISTER
  • ADMINISTER_PROJECTS
  • ASSIGNABLE_USER
  • ASSIGN_ISSUES
  • BROWSE_PROJECTS
  • BULK_CHANGE
  • CLOSE_ISSUES
  • CREATE_ATTACHMENTS
  • CREATE_ISSUES
  • CREATE_PROJECT
  • CREATE_SHARED_OBJECTS
  • DELETE_ALL_ATTACHMENTS
  • DELETE_ALL_COMMENTS
  • DELETE_ALL_WORKLOGS
  • DELETE_ISSUES
  • DELETE_OWN_ATTACHMENTS
  • DELETE_OWN_COMMENTS
  • DELETE_OWN_WORKLOGS
  • EDIT_ALL_COMMENTS
  • EDIT_ALL_WORKLOGS
  • EDIT_ISSUES
  • EDIT_OWN_COMMENTS
  • EDIT_OWN_WORKLOGS
  • LINK_ISSUES
  • MANAGE_GROUP_FILTER_SUBSCRIPTIONS
  • MANAGE_SPRINTS_PERMISSION
  • MANAGE_WATCHERS
  • MODIFY_REPORTER
  • MOVE_ISSUES
  • RESOLVE_ISSUES
  • SCHEDULE_ISSUES
  • SET_ISSUE_SECURITY
  • SYSTEM_ADMIN
  • TRANSITION_ISSUES
  • USER_PICKER
  • VIEW_AGGREGATED_DATA
  • VIEW_DEV_TOOLS
  • VIEW_READONLY_WORKFLOW
  • VIEW_VOTERS_AND_WATCHERS
  • WORK_ON_ISSUES

Example: https://your-domain.atlassian.net/rest/api/2/mypermissions?permissions=BROWSE_PROJECTS,CREATE_ISSUES,ADMINISTER_PROJECTS

#Check non-authenticated privileges
curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"havePermission": true'

Automated enumeration

If you are interested in hacking career and hack the unhackable - we are hiring! (fluent polish written and spoken required).

{% embed url="https://www.stmcyber.com/careers" %}

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks: