{"vulnerability": "CVE-2022-26135", "sightings": [{"uuid": "a27da591-856e-43eb-9199-1e5db8351fae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2690", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1a CVE-2022-26135 \nURL\uff1ahttps://github.com/safe3s/CVE-2022-26135\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-07-12T16:43:27.000000Z"}, {"uuid": "768a4635-2fbe-4a8b-851a-213066d70e64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2645", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aExploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)\nURL\uff1ahttps://github.com/assetnote/jira-mobile-ssrf-exploit\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-07-05T21:42:38.000000Z"}, {"uuid": "5000e6c3-7eae-4816-a5a7-c6b03c38bee0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "seen", "source": "https://t.me/poxek/1866", "content": "CVE-2022-26135 - Full-Read Server Side Request Forgery in Mobile Plugin for Jira Data Center and Server\n\n\u041d\u0438\u043a\u043e\u0433\u0434\u0430 \u0442\u0430\u043a\u043e\u0433\u043e \u043d\u0435 \u0431\u044b\u043b\u043e \u0438 \u0432\u043e\u0442 \u043e\u043f\u044f\u0442\u044c \u043d\u043e\u0432\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0434\u044b\u0440\u043a\u0430 \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Atlassian(CVE-2022-26135).\ud83e\uddd0\n\u0412 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 \u0432\u0438\u043d\u043e\u0432\u043d\u0438\u043a\u043e\u043c \u0442\u043e\u0440\u0436\u0435\u0441\u0442\u0432\u0430 \u0441\u0442\u0430\u043b Mobile Plugin for Jira Data Center and Server.\ud83d\udcf1\n\u041f\u043e\u0434 \u0443\u0434\u0430\u0440 \u043f\u043e\u043f\u0430\u043b\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b:\nJira:\n    Jira Core Server\n    Jira Software Server\n    Jira Software Data Center\n\nJira Service Management (JSM):\n    Jira Service Management Server\n    Jira Service Management Data Center\n\n\u0411\u043b\u0430\u0433\u043e \u043f\u0430\u0442\u0447 \u0443\u0436\u0435 \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438, \u0442\u0430\u043a \u0447\u0442\u043e \u0438\u0434\u0451\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0442\u044c\u0441\u044f, \u043a\u043e\u043b\u043b\u0435\u0433\u0438! \n\n\ud83c\udf0e \u041c\u0438\u0440\u0443 \u2014 \u043c\u0438\u0440!\n#atlassian #jira #cve", "creation_timestamp": "2022-06-30T07:45:39.000000Z"}, {"uuid": "3a83abe0-ceaf-4bda-a06b-4d78141a5389", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "seen", "source": "Telegram/tvagmoXGD-sjRG5teDO-DfPH2_iB-IEEjYRnLqN5-gAxoA", "content": "", "creation_timestamp": "2022-07-15T08:17:26.000000Z"}, {"uuid": "498c3bde-dc60-4d00-9494-52760ada1e9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "seen", "source": "Telegram/zDRnO6gaGxeIz1bQfFY5OzLIR3dLokI7RQea6qGCIZz-2g", "content": "", "creation_timestamp": "2022-07-07T05:05:31.000000Z"}, {"uuid": "f3d434c9-5d17-4768-b0f6-956fa6cd9aa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "seen", "source": "https://t.me/proxy_bar/907", "content": "CVE-2022-26135\njira-mobile-ssrf-exploit\nFull-Read Server Side Request Forgery in Mobile Plugin for Jira Data Center and Server\nexploit\n\n#jira #exploits", "creation_timestamp": "2022-07-07T15:26:29.000000Z"}, {"uuid": "c65037b4-abd2-414c-9411-8c6390db77a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "published-proof-of-concept", "source": "Telegram/qkjjTnpbPqtqtXss4CpuJRtwPob7ykLQIklSqZBpHPFWIw", "content": "", "creation_timestamp": "2022-07-06T12:33:57.000000Z"}, {"uuid": "c5d7b7da-df56-4ecc-9e28-8d41a89a3ed4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/298", "content": "\u200b\u200b CVE-2022-26135 : Full-Read Server Side Request Forgery in Mobile Plugin for Jira Data Center and Server\nhttps://github.com/assetnote/jira-mobile-ssrf-exploit\nhttps://blog.assetnote.io/2022/06/26/exploiting-ssrf-in-jira", "creation_timestamp": "2022-07-06T19:46:33.000000Z"}, {"uuid": "09c7b914-cb9e-432b-bb99-58ed3c36555a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/1318", "content": "Jira Mobile SSRF Exploit\n\n#CVE-2022-26135 #Exploit #SSRF #RedTeam #Jira #Mobile\n#CyberSecurity #Hacking #Bugbounty #OSINT #Vulnerability\n#Malware #VAPT #Pentest #CVE\n\nhttps://reconshell.com/jira-mobile-ssrf-exploit/", "creation_timestamp": "2022-07-08T20:48:01.000000Z"}, {"uuid": "2f58d8de-ae13-4c9d-af2a-6d75ee96dfe8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "seen", "source": "https://t.me/crackcodes/838", "content": "Updates On Hackbyte Forum:-\n\n\ud83d\udcccRetbleed: Arbitrary Speculative Code Execution with Return Instructions\n\ud83d\udcccExecuting Arbitrary Code Over a Phone Line Thanks to the XBAND Video Game Modem\n\ud83d\udcccRolling PWN Attack Affecting Honda Vehicles\n\ud83d\udcccCVE-2022-32223 Discovery: DLL Hijacking via npm CLI\n\ud83d\udcccFrom Prototype Pollution to Remote Code Execution in Blitz.js\n\ud83d\udcccAttacking Active Directory: 0 to 0.9\n\ud83d\udcccCVE-2022-29885 \u2013 Apache Tomcat Cluster Service DoS\n\ud83d\udcccCVE-2022-29593\n\ud83d\udcccNorth South University / Bangladesh / email login\n\ud83d\udcccdeeppaste Leak\n\ud83d\udcccLivejournalfull Leak\n\ud83d\udcccGemotest Crm Leak\n\ud83d\udcccSplunk Attack\n\ud83d\udcccNzyme - WiFi Defense System\n\ud83d\udcccProject-Whis - Advanced HTTP Botnet\n\ud83d\udcccCode Signing Certificate Cloning Attack\n\ud83d\udcccRetbleed - Arbitrary Speculative Code Execution with Return Instruction.\n\ud83d\udcccConfluence Pre-Auth RCE.\n\ud83d\udcccmicrosoft-rpc-fuzzing-tools\n\ud83d\udcccCVE-2022-26135\n\ud83d\udcccXSS Payload List\n\ud83d\udcccheaders for hackers | PHP #ssrf | #cve-2020-7066 Video\n\n\ud83d\udc49\ud83c\udffb\ud83d\udc49\ud83c\udffb Updates:- https://bit.ly/3yRyah3 \ud83d\udc48\ud83c\udffb\ud83d\udc48\ud83c\udffb", "creation_timestamp": "2022-07-16T09:11:59.000000Z"}, {"uuid": "2341e305-0a4a-4ae2-ab18-d79228306283", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/804", "content": "Today's Updates\n\n1. Oftalmolog.bg  Leak database\n2. Pakistan locatefamily.com Data Leak\n3. XDEBUG-RCE-Exploit\n4. Xmind Map For Web Penetration Testing & Red Teaming\n5. KRWX - Kernel Read Write eXecute\n6. A collection of my Penetration Testing Tools, Scripts, Cheatsheets\n7. CVE-2022-26135\n8. killingbeats.com | bilet.bg > SQLs & Mails (passwords for club owners)\n9. Andspoilt\n10. MineRootkit\n11. Swarmshop.ws Leak\n12. Board Of Shame leak site\n13. Cheers Ransomware Leak Site\n14. Developer Tools for bugbounty hunters\n15. (Toxssin \u2013 Open-source Penetration Testing Tool That Automates Exploiting Cross-Site Scripting (XSS))\n16. Hacking a Company with 0-Click Email Attack | #phishing #redteam\n17. Coefis.com Leak\n18. buymebook Leak\n19. PasteExploit - A malicious command generator for windows and Linux systems written in #Python.\n20. Vinstar Data leak\n\nAll Updates on \ud83d\udc49\ud83c\udffb\ud83d\udc49\ud83c\udffb https://forum.hackbyte.org", "creation_timestamp": "2022-07-07T11:46:10.000000Z"}, {"uuid": "9d57918a-1a5e-4398-807e-63b1b844bfef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "seen", "source": "https://t.me/cibsecurity/45394", "content": "\u203c CVE-2022-26135 \u203c\n\nA vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T12:38:23.000000Z"}, {"uuid": "096e9d8e-58d0-4e43-801c-76910e64c785", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "seen", "source": "https://t.me/thebugbountyhunter/6360", "content": "Advisory: Server Side Request Forgery in Jira Server (CVE-2022-26135)\n\nhttps://blog.assetnote.io/2022/06/26/jira-ssrf-advisory/", "creation_timestamp": "2022-07-08T09:25:51.000000Z"}, {"uuid": "3f71b41f-da89-40bd-8e65-e4f98de852cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/6362", "content": "Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)\n\nhttps://blog.assetnote.io/2022/06/26/exploiting-ssrf-in-jira/", "creation_timestamp": "2022-07-08T10:59:07.000000Z"}, {"uuid": "8e6c1534-79cc-4f0f-b86d-72dd66202636", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-26135", "type": "seen", "source": "Telegram/YwnncP99e-EOuTc4C9ZOd4fkbkttmEZQV0UEbD3Bd1vqXz0", "content": "", "creation_timestamp": "2022-06-30T15:59:04.000000Z"}]}