HackTricks
Searchโ€ฆ
๐Ÿ‘ฝ
Network Services Pentesting
JIRA
Support HackTricks and get benefits!

Check Privileges

Inside a Jira instance any user (even non-authenticated) can check its privileges in /rest/api/2/mypermissions or /rest/api/3/mypermissions . These endpoints will return your current privileges. If a non-authenticated user have any privilege, this is a vulnerability (bounty?). If an authenticated user have any unexpected privilege, this a a vuln.
#Check non-authenticated privileges
curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"havePermission": true'

Automated enumeration

Support HackTricks and get benefits!
Last modified 3mo ago