CVE STALKER

CVE-2020-36239

CVSS
DESCRIPTION: Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed an Ehcache RMI network service on port 40001 and potentially 40011 [0][1]. Because of a missing authentication vulnerability, attackers who can connect to the service could execute arbitrary code of their choice in Jira through deserialization. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service.

[0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated.
[1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated.

HEAT SCORE: 207

TWEETS

DATE | TWEETS | USER
2021-08-20 19:50:05 | Developing an exploit for the Jira Data Center Ehcache RCE (CVE-2020-36239) - @dozernz https://t.co/0GwwipjjH5 https://dozer.nz/posts/CVE-2020-36239-POC-dev | pentest_swissky
2021-08-16 12:10:08 | Developing an exploit for the Jira Data Center Ehcache RCE (CVE-2020-36239) https://t.co/z9rQ5PPVja https://dozer.nz/posts/CVE-2020-36239-POC-dev | nigroeneveld
2021-08-11 20:31:35 | New post from https://t.co/uXvPWJy6tj (CVE-2020-36239 (core_data_center, data_center, service_management_data_cente… https://t.co/S1pQDYQ7z3 http://www.sesin.at https://twitter.com/i/web/status/1425554023613140992 | WolfgangSesin
2021-08-11 20:31:04 | New post from https://t.co/9KYxtdZjkl (CVE-2020-36239 (core_data_center, data_center, service_management_data_cente… https://t.co/EUeFklUfIe http://www.sesin.at https://twitter.com/i/web/status/1425554054856552449 | www_sesin_at
2021-08-11 19:12:44 | 🚨 NEW: CVE-2020-36239 🚨 Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 befor… https://t.co/XpQRIQJqUi https://twitter.com/i/web/status/1425532580166873089 | threatintelctr
2021-08-08 06:20:30 | Developing an exploit for the Jira Data Center Ehcache RCE (CVE-2020-36239) https://t.co/W6OJuVFKE8 https://www.reddit.com/r/netsec/comments/ox8hlv/developing_an_exploit_for_the_jira_data_center/?utm_source=dlvr.it&utm_medium=twitter | techadversary
2021-08-04 15:50:19 | CVE-2020-36239 Jira Data Center RMI RCE https://t.co/GusXHm6Zdv https://t.co/A1EoPRxcWl https://t.zsxq.com/MzVBqZn | chybeta
2021-08-04 08:40:13 | Developing an exploit for the Jira Data Center Ehcache RCE (CVE-2020-36239): https://t.co/nqqWdW9ADI #follow & #RT #cybersecurity #infosec https://ift.tt/3CfBtOE | KeoXes
2021-08-04 08:20:06 | Developing an exploit for the Jira Data Center Ehcache RCE (CVE-2020-36239) | https://t.co/RFEBVLMxfE https://t.co/AeMcIdzm4s http://dozer.nz https://dozer.nz/posts/CVE-2020-36239-POC-dev | Securityblog
2021-08-03 21:40:27 | Developing an exploit for the Jira Data Center Ehcache RCE (CVE-2020-36239) https://t.co/yHsOpi32WV #Jira #RCE #CVE https://dozer.nz/posts/CVE-2020-36239-POC-dev | axcheron
2021-08-03 21:30:07 | Developing an exploit for the Jira Data Center Ehcache RCE (CVE-2020-36239) https://t.co/E1GGJuCHwe https://www.reddit.com/r/netsec/comments/ox8hlv/developing_an_exploit_for_the_jira_data_center/ | Dinosn
2021-08-03 18:00:04 | Developing an exploit for the Jira Data Center Ehcache RCE (CVE-2020-36239) via /r/netsec https://t.co/6w8lw071CW… https://t.co/02lP6vPzgP https://ift.tt/2Vhobk4 https://twitter.com/i/web/status/1422618152773595144 | CybrXx0
2021-08-03 17:50:10 | Developing an exploit for the Jira Data Center Ehcache RCE (CVE-2020-36239) https://t.co/svbANLqFMr https://dozer.nz/posts/CVE-2020-36239-POC-dev | _r_netsec
2021-08-03 17:50:07 | New post: "Developing an exploit for the Jira Data Center Ehcache RCE (CVE-2020-36239)" https://t.co/0gtoGGn1XC https://ift.tt/3CfBtOE | Myinfosecfeed
2021-07-31 10:10:05 | Developing an exploit for the Jira Data Center Ehcache RCE (CVE-2020-36239) https://t.co/SF00y4MUfc #Pentesting… https://t.co/iiPeZMjSR4 https://dozer.nz/posts/CVE-2020-36239-POC-dev https://twitter.com/i/web/status/1421412061146398721 | ptracesecurity
2021-07-30 07:10:07 | CVE-2020-36239 Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16,… https://t.co/VZ3DGK9Hi8 https://twitter.com/i/web/status/1421005064446095365 | threatmeter
2021-07-30 03:10:09 | Added a new blog post on how I developed a proof of concept exploit for the Jira DC RCE (CVE-2020-36239), including… https://t.co/acphjWAQfM https://twitter.com/i/web/status/1420943732170379271 | dozernz
2021-07-29 14:50:04 | CVE-2020-36239 https://t.co/q9GLpfdCiP http://dlvr.it/S4fsk2 | 0_exploit
2021-07-29 14:10:03 | Let the annals of the day show that CVE-2020-36239... has been granted the moniker Splashy Sloth https://t.co/qBZkhFZVA1 https://nvd.nist.gov/vuln/detail/CVE-2020-36239 | vulnonym
2021-07-29 13:20:05 | Ehcache - CVE-2020-36239: https://t.co/5aOuoRbmm5 https://jira.atlassian.com/browse/JRASERVER-72566 | LinInfoSec
2021-07-29 13:00:04 | CVE-2020-36239 https://t.co/sTs3vRjnxb https://ift.tt/2UZtCUN | xanadulinux
2021-07-29 12:50:04 | New vulnerability on the NVD: CVE-2020-36239 https://t.co/jLuZ1xZD3O https://ift.tt/2UZtCUN | workentin
2021-07-29 12:40:06 | New vulnerability on the NVD: CVE-2020-36239 https://t.co/sFEXgHDjEM https://ift.tt/2UZtCUN | WesUncensored
2021-07-29 12:30:07 | New post from https://t.co/uXvPWJy6tj (CVE-2020-36239) has been published on https://t.co/xcfb6wi9aM http://www.sesin.at https://www.sesin.at/2021/07/29/cve-2020-36239/ | WolfgangSesin
2021-07-29 12:30:06 | New post from https://t.co/9KYxtdZjkl (CVE-2020-36239) has been published on https://t.co/Qh8vEvwhpZ http://www.sesin.at https://www.sesin.at/2021/07/29/cve-2020-36239/ | www_sesin_at
2021-07-29 12:30:04 | CVE-2020-36239 https://t.co/p4qOjNxwWS #CVE #Vulnerability https://ift.tt/2UZtCUN | Velletron
2021-07-29 11:50:16 | CVE-2020-36239 Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16,… https://t.co/bhZyrMJTiz https://twitter.com/i/web/status/1420712026305974278 | CVEnew
2021-07-28 07:41:17 | #Critical #Jira vulnerability #CVE-2020-36239 https://t.co/VWTi8WiCBj https://t.co/8Spi4pOB23 https://www.bleepingcomputer.com/news/security/atlassian-asks-customers-to-patch-critical-jira-vulnerability/ | eitatli
2021-07-27 17:20:28 | ATLASSIAN - CVE-2020-36239 - Jira Data Center and Jira Service Management Data Center https://t.co/xbRIXOUANK #FullDisclosure http://seclists.org/fulldisclosure/2021/Jul/62 | SecurityNewsbot
2021-07-27 11:10:08 | ATLASSIAN - CVE-2020-36239 - Jira Data Center and Jira Service Management Data C.. - https://t.co/uCwqjLZHuY… https://t.co/FhEWchGyLZ https://www.getinfosec.news/7952808/atlassian-cve-2020-36239-jira-data-center-and-jira-service-management-data-center?via=tw https://twitter.com/i/web/status/1419977751172354048 | GetinfosecN
2021-07-27 09:42:27 | Multiple versions of its Jira Data Center and Jira Service Management Data Center product has CVE-2020-36239; that… https://t.co/6aD66vgGKN https://twitter.com/i/web/status/1419953869333872653 | argevise
2021-07-27 08:31:59 | New post from https://t.co/9KYxtdZjkl (Atlassian Jira Data Center Ehcache RMI deserialization [CVE-2020-36239]) has… https://t.co/bcLFaDIrf4 http://www.sesin.at https://twitter.com/i/web/status/1419935701978783776 | www_sesin_at
2021-07-27 08:31:50 | New post from https://t.co/uXvPWJy6tj (Atlassian Jira Data Center Ehcache RMI deserialization [CVE-2020-36239]) has… https://t.co/8WajU9TdlB http://www.sesin.at https://twitter.com/i/web/status/1419935703207714834 | WolfgangSesin
2021-07-23 16:00:14 | CVE-2020-36239 Atlassian Data Center products RCE in open source Ehcache Java EE component allows arbitrary code e… https://t.co/gLRPTZ27Ga https://twitter.com/i/web/status/1418599731891036163 | Shadow0pz
2021-07-23 14:30:05 | Analysis about CVE-2020-36239 1) Jira must be configured as cluster to enable Ehcache RMI 2) Env: test on Jira 8.5.10… https://t.co/CQsp2nmdmy https://twitter.com/i/web/status/1418578782491795457 | peterjson
2021-07-23 11:10:04 | Multiple versions of its Jira Data Center and Jira Service Management Data Center product has CVE-2020-36239; that… https://t.co/GvBMIc0TP2 https://twitter.com/i/web/status/1418527893668470785 | matarturo
2021-07-23 10:10:04 | Critical #Atlassian #Jira #Vulnerability CVE-2020-36239 Could Lead to #RCE and enable remote, unauthenticated atta… https://t.co/C6SdofeDKQ https://twitter.com/i/web/status/1418513350686871555 | securestep9
2021-07-23 10:00:06 | Atlassian/Jira still in 2020: CVE-2020-36239 | ttsec_
2021-07-23 08:40:27 | #vulnerability #CybersecurityNews CVE-2020-36239: Critical Atlassian Vulnerability Should Be Patched Immediately:… https://t.co/NnqaYtktMV https://twitter.com/i/web/status/1418489214010789895 | Milenyim
2021-07-23 05:20:10 | Atlassian has released security updates to address a critical vulnerability (CVE-2020-36239) present in their Jira… https://t.co/bnm9YOgVqa https://twitter.com/i/web/status/1418438939157745666 | CSAsingapore
2021-07-23 05:20:07 | [Notice-CSA] Atlassian has released security updates to address a critical vulnerability (CVE-2020-36239) present i… https://t.co/AJaqDUKliW https://twitter.com/i/web/status/1418439108230139908 | SG_Alerts
2021-07-23 04:10:08 | Achieved POC for CVE-2020-36239 (Jira Datacenter RCE). Took a bit longer than I thought and there's probably an ea… https://t.co/bdrkNSNDB5 https://twitter.com/i/web/status/1418420725275193347 | dozernz
2021-07-23 03:30:09 | Before you go farming for the Jira vuln #CVE-2020-36239, remember the advisory says it's in Jira Datacenter versions… https://t.co/ZMrTpCr0Sy https://twitter.com/i/web/status/1418410760225574914 | kenjoe41
2021-07-22 21:30:04 | Atlassian unauthenticated RCE CVE-2020-36239 Jira Data Center Jira Core Data Center Jira Software Data Center Jir… https://t.co/k6MRT351od https://twitter.com/i/web/status/1418322154991534088 | TryCatchHCF
2021-07-22 14:40:03 | Critical vulnerability in Atlassian Jira Data Center https://t.co/oHcyTieCcj #Atlassian #CVE-2020-36239 #Jira #Vulnerability https://csirt.telconet.net/comunicacion/boletines-servicios/vulnerabilidad-critica-en-atlassian-jira-data-center/ | CSIRT_Telconet
2021-07-22 09:10:03 | CVE-2020-36239 Atlassian is prompting its enterprise customers to patch a critical vulnerability in many versions… https://t.co/BGgQkz4PC0 https://twitter.com/i/web/status/1418135289428652038 | VulmonFeeds
2021-07-22 08:40:04 | ■■■■□ Multiple versions of its Jira Data Center and Jira Service Management Data Center product has CVE-2020-36239;… https://t.co/KtDzKMhNGd https://twitter.com/i/web/status/1418127736397352961 | cKure7
2021-07-22 08:30:06 | Assigned CVE-2020-36239 and reported by Harrison Neal. | Ax_Sharma