
Information disclosure on sim.starbucks.com

Low
Starbucks
Submitted None

Team Summary

Official summary from Starbucks

johnstone discovered an outdated and publicly-exposed JIRA instance that was vulnerable to two known CVEs:

• CVE-2019-3403: allowing an unauthenticated attacker to enumerate whether a user exists on the Jira or not
• CVE-2019-8442: exposing pom.xml

@johnstone — thank you for reporting this vulnerability and confirming the resolution.

Reported by johnstone

Vulnerability Details

Technical details and impact analysis

Information Disclosure
**Description:**
Hi there. I found that the sim.starbucks.com host has deployed a Jira server whose version is 7.9.2; there are many public vulnerabilities in this low version.

**Information disclosure vulnerability**

1. (CVE-2019-3403) https://jira.atlassian.com/browse/JRASERVER-69242

Visit the URL address; you can check whether the user exists on this host:

```
https://sim.starbucks.com/rest/api/2/user/picker?query=admin
```

So the attacker can enumerate all existing users on this Jira server.

2. (CVE-2019-8442) https://jira.atlassian.com/browse/JRASERVER-69241

Visit the URL address; the server will leak some of the server's information:

```
https://sim.starbucks.com/s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
```

## Recommendations for fix

Update the Jira server's version or fix it.

PS: Can Starbucks's team check the status of my other report #533836? The report has not been updated for too long.

Thank you. Looking forward to your reply.

Best regards!
@johnstone

## Impact

Leaking some information about the server

Related CVEs

Associated Common Vulnerabilities and Exposures

CVE-2019-3403: The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

CVE-2019-8442: The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.
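For defenders reviewing whether an exposed Jira instance saw these two request patterns, the following is an added example (not part of the original report or of any Atlassian tooling) that scans reverse-proxy access logs for them. The combined log format, the sample lines, the `scan` function and the threshold of three distinct queries are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jun/2019:10:00:01 +0000] "GET /rest/api/2/user/picker?query=admin HTTP/1.1" 200 512 "-" "curl/7.64"
203.0.113.7 - - [01/Jun/2019:10:00:02 +0000] "GET /rest/api/2/user/picker?query=root HTTP/1.1" 200 48 "-" "curl/7.64"
203.0.113.7 - - [01/Jun/2019:10:00:03 +0000] "GET /rest/api/2/user/picker?query=jsmith HTTP/1.1" 200 498 "-" "curl/7.64"
198.51.100.9 - - [01/Jun/2019:10:05:00 +0000] "GET /s/abc/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jun/2019:10:05:09 +0000] "GET /s/abc/_/%4dETA-INF/MANIFEST.MF HTTP/1.1" 404 120 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jun/2019:10:06:00 +0000] "GET /rest/api/2/user/picker?query=ali HTTP/1.1" 401 90 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jun/2019:10:07:00 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 30000 "-" "Mozilla/5.0"
"""

# client IP, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
PICKER_PATH = "/rest/api/2/user/picker"                          # CVE-2019-3403
META_INF_RE = re.compile(r"^/s/[^/]+/_/META-INF/", re.IGNORECASE)  # CVE-2019-8442

def scan(log_text, picker_threshold=3):
    """Return (enumeration_suspects, meta_inf_hits) found in access-log text."""
    picker_queries = defaultdict(set)   # ip -> distinct query= values answered with 200
    meta_inf_hits = []                  # (ip, decoded path, status)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                    # skip lines that are not in the assumed format
        ip, _method, target, status = m.groups()
        parts = urlsplit(target)
        path = unquote(parts.path)      # match on the decoded path, not the raw bytes
        if path.rstrip("/") == PICKER_PATH and status == "200":
            for q in parse_qs(parts.query).get("query", []):
                picker_queries[ip].add(q)
        elif META_INF_RE.match(path):
            meta_inf_hits.append((ip, path, int(status)))
    suspects = {ip: sorted(qs) for ip, qs in picker_queries.items()
                if len(qs) >= picker_threshold}
    return suspects, meta_inf_hits
```

A proxy log in this format cannot tell whether a request carried a valid Jira session, so picker hits from logged-in users will also count; correlate with the application's own access log before treating a source as suspicious.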

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Information Disclosure