Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42864

FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validatio...

9.9CVSS5.8AI score0.00272EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 7:16 p.m.18 views

CVE-2026-42864

FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validatio...

9.9CVSS0.00272EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 6:19 p.m.45 views

CVE-2026-42864 FireFighter: Unauthenticated SSRF in Raid jira_bot endpoint allows IAM credential theft

FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validatio...

9.9CVSS0.00272EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.12 views

PT-2026-37285

Name of the Vulnerable Software and Affected Versions FireFighter versions prior to 0.0.54 Description The 'POST /api/v2/firefighter/raid/jira bot' endpoint CreateJiraBotView is accessible without authentication. The attachments payload is processed via httpx.get without URL validation, allowing ...

9.9CVSS5.9AI score0.00272EPSS
Exploits0References10
Rows per page
Query Builder