mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-28 23:51:29 +00:00
101 lines
5.1 KiB
Markdown
101 lines
5.1 KiB
Markdown
# JIRA
|
|
|
|
<details>
|
|
|
|
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
Other ways to support HackTricks:
|
|
|
|
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
|
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
|
|
|
</details>
|
|
|
|
<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
|
|
|
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
|
|
|
|
{% embed url="https://www.stmcyber.com/careers" %}
|
|
|
|
### Check Privileges
|
|
|
|
In Jira, **privileges can be checked** by any user, authenticated or not, through the endpoints `/rest/api/2/mypermissions` or `/rest/api/3/mypermissions`. These endpoints reveal the user's current privileges. A notable concern arises when **non-authenticated users hold privileges**, indicating a **security vulnerability** that could potentially be eligible for a **bounty**. Similarly, **unexpected privileges for authenticated users** also highlight a **vulnerability**.
|
|
|
|
An important **update** was made on **1st February 2019**, requiring the 'mypermissions' endpoint to include a **'permission' parameter**. This requirement aims to **enhance security** by specifying the privileges being queried: [check it here](https://developer.atlassian.com/cloud/jira/platform/change-notice-get-my-permissions-requires-permissions-query-parameter/#change-notice---get-my-permissions-resource-will-require-a-permissions-query-parameter)
|
|
|
|
* ADD\_COMMENTS
|
|
* ADMINISTER
|
|
* ADMINISTER\_PROJECTS
|
|
* ASSIGNABLE\_USER
|
|
* ASSIGN\_ISSUES
|
|
* BROWSE\_PROJECTS
|
|
* BULK\_CHANGE
|
|
* CLOSE\_ISSUES
|
|
* CREATE\_ATTACHMENTS
|
|
* CREATE\_ISSUES
|
|
* CREATE\_PROJECT
|
|
* CREATE\_SHARED\_OBJECTS
|
|
* DELETE\_ALL\_ATTACHMENTS
|
|
* DELETE\_ALL\_COMMENTS
|
|
* DELETE\_ALL\_WORKLOGS
|
|
* DELETE\_ISSUES
|
|
* DELETE\_OWN\_ATTACHMENTS
|
|
* DELETE\_OWN\_COMMENTS
|
|
* DELETE\_OWN\_WORKLOGS
|
|
* EDIT\_ALL\_COMMENTS
|
|
* EDIT\_ALL\_WORKLOGS
|
|
* EDIT\_ISSUES
|
|
* EDIT\_OWN\_COMMENTS
|
|
* EDIT\_OWN\_WORKLOGS
|
|
* LINK\_ISSUES
|
|
* MANAGE\_GROUP\_FILTER\_SUBSCRIPTIONS
|
|
* MANAGE\_SPRINTS\_PERMISSION
|
|
* MANAGE\_WATCHERS
|
|
* MODIFY\_REPORTER
|
|
* MOVE\_ISSUES
|
|
* RESOLVE\_ISSUES
|
|
* SCHEDULE\_ISSUES
|
|
* SET\_ISSUE\_SECURITY
|
|
* SYSTEM\_ADMIN
|
|
* TRANSITION\_ISSUES
|
|
* USER\_PICKER
|
|
* VIEW\_AGGREGATED\_DATA
|
|
* VIEW\_DEV\_TOOLS
|
|
* VIEW\_READONLY\_WORKFLOW
|
|
* VIEW\_VOTERS\_AND\_WATCHERS
|
|
* WORK\_ON\_ISSUES
|
|
|
|
Example: `https://your-domain.atlassian.net/rest/api/2/mypermissions?permissions=BROWSE_PROJECTS,CREATE_ISSUES,ADMINISTER_PROJECTS`
|
|
|
|
```bash
|
|
#Check non-authenticated privileges
|
|
curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"havePermission": true'
|
|
```
|
|
|
|
### Automated enumeration
|
|
|
|
* [https://github.com/0x48piraj/Jiraffe](https://github.com/0x48piraj/Jiraffe)
|
|
* [https://github.com/bcoles/jira\_scan](https://github.com/bcoles/jira\_scan)
|
|
|
|
<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
|
|
|
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
|
|
|
|
{% embed url="https://www.stmcyber.com/careers" %}
|
|
|
|
<details>
|
|
|
|
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
Other ways to support HackTricks:
|
|
|
|
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
|
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
|
|
|
</details>
|