{"vulnerability": "cve-2019-2040", "sightings": [{"uuid": "f840552c-8ca5-49a3-86f2-b76cb7552d6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20409", "type": "seen", "source": "https://t.me/cibsecurity/13033", "content": "ATENTION\u203c New - CVE-2019-20409\n\nThe way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-06-25T07:55:41.000000Z"}, {"uuid": "6a767989-4f03-4e1d-b0be-acb4d939dcb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20408", "type": "seen", "source": "https://t.me/cibsecurity/13167", "content": "ATENTION\u203c New - CVE-2019-20408\n\nThe /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-01T13:55:29.000000Z"}, {"uuid": "a48e19f0-4cd6-461c-b783-a332b1c4579d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20408", "type": "seen", "source": "https://t.me/cibsecurity/13157", "content": "ATENTION\u203c New - CVE-2019-20408\n\nThe /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-01T08:55:15.000000Z"}, {"uuid": "d345e4d1-4618-4739-bddd-8464d0c3493e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-20408", "type": "seen", "source": "https://t.me/cibsecurity/13185", "content": "ATENTION\u203c New - CVE-2019-20408\n\nThe /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-01T16:55:05.000000Z"}]}