
h0ffayyy/Jira-CVE-2019-8451

Jira CVE-2019-8451 POC

Description

Proof of concept scan to check if a Jira host is vulnerable to CVE-2019-8451

CVE-2019-8451

CVE-2019-8451 is a pre-authentication server-side request forgery (SSRF) vulnerability in the /plugins/servlet/gadgets/makeRequest resource.

This vulnerability was introduced in Jira Server version 7.6.0 and fixed in versions 7.13.9 and 8.4.0.

Requirements

Only needs the requests library.

Install with pip3 install requests

Usage

$ ./jira-2019-8451.py -h
usage: jira-2019-8451.py [-h] [-u URL] [-c]

For checking if a Jira instance is vunlerable to CVE-2019-8451

optional arguments:
  -h, --help         show this help message and exit
  -u URL, --url URL  URL of the target Jira instance e.g. '-u
                     https://localhost:8080'
  -c, --check        Only check the Jira version; doesn't send SSRF attempt

Example Output

Host probably vulnerable:

$ python3 jira.py -u https://localhost:8080
[-] Testing https://localhost:8080...
[-] Checking for version...
[-] Jira version appears to be: 8.3.4
[-] Sending SSRF test...
[+] Host appears to be vulnerable!

Host probably not vulnerable:

$ python3 jira.py -u https://localhost:8080
[-] Testing https://localhost:8080...
[-] Checking for version...
[-] Jira version appears to be: 8.4.1
[-] Sending SSRF test...
[!] Host doesn't appear to be vulnerable.
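The version boundaries stated above can also be applied offline to an asset inventory, without sending any request to the hosts. The following is an added example, not code from this repository; it assumes 7.13.9 is the fix on the 7.x line and 8.4.0 the fix on the 8.x line, that 9.x and later postdate both fixes, and the function names and host inventory are constructed for illustration.

```python
import re

# Boundaries taken from the README text above.
INTRODUCED = (7, 6, 0)
FIXED_7X = (7, 13, 9)   # assumption: fix for the 7.x line
FIXED_8X = (8, 4, 0)    # assumption: fix for the 8.x line

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if text is not a version."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(version_text):
    """Map a Jira version string to a CVE-2019-8451 exposure status."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    if v < INTRODUCED:
        return "not affected"
    # Compare integer tuples, never strings: "7.13.10" < "7.13.9" as text,
    # which would wrongly flag a patched 7.13.10 host as affected.
    if v[0] == 7:
        return "affected" if v < FIXED_7X else "fixed"
    if v[0] == 8:
        return "affected" if v < FIXED_8X else "fixed"
    return "fixed"  # assumption: later major versions include the fix


def triage(inventory):
    """Classify every host in a {host: version_string} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed inventory; hostnames are placeholders.
SAMPLE = {
    "jira-a.example.internal": "8.3.4",
    "jira-b.example.internal": "8.4.1",
    "jira-c.example.internal": "7.13.10",
    "jira-d.example.internal": "7.5.3",
    "jira-e.example.internal": "",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:28} {SAMPLE[host] or '?':10} {status}")
```

Hosts reported as "unknown" need their version confirmed by other means before they can be ruled out.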
