3 matches found
CVE-2026-42864 FireFighter: Unauthenticated SSRF in Raid jira_bot endpoint allows IAM credential theft
FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validatio...
FireFighter 访问控制错误漏洞
FireFighter is an event management tool developed by ManoMano Tech. Versions of FireFighter prior to 0.0.54 contained an access control vulnerability. This vulnerability stemmed from the POST /api/v2/firefighter/raid/jirabot endpoint, which allowed unauthorized access without authentication...
Atlassian JIRA Server and Data Center Cross-Site Scripting Vulnerability (CNVD-2020-53364)
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia.Atlassian JIRA Server is the server version of a defect tracking management system. Atlassian JIRA Server is the server version of a defect tracking management system that is used to track and manage all...