CVE-2019-3403

Published: May 22, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

Affected (3)

Products: Atlassian: Jira, Jira Server

Atlassian

2 products

Jira

Jira Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Atlassian Jira	Before 7.13.3
Atlassian Jira Server	From 8.0.0 to 8.0.4
Atlassian Jira Server	From 8.1.0 to 8.1.1

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://jira.atlassian.com/browse/JRASERVER-69242

Source: security@atlassian.com

Issue TrackingVendor Advisory

https://jira.atlassian.com/browse/JRASERVER-69242

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.