CVE-2019-3403

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

Published: May 22, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-3403
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
atlassian / jira	-	7.13.3
atlassian / jira_server	8.1.0	8.1.1
atlassian / jira_server	8.0.0	8.0.4

https://jira.atlassian.com/browse/JRASERVER-69242

Vulnerability Database

289,784

CVE-2019-3403