CVE-2019-3403

Summary

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

Affected Software

VendorProductVersion RangeStatus
AtlassianJiraunspecified < 7.13.3affected
AtlassianJira8.0.0 < unspecifiedaffected
AtlassianJiraunspecified < 8.0.4affected
AtlassianJira8.1.0 < unspecifiedaffected
AtlassianJiraunspecified < 8.1.1affected

Weaknesses

  • CWE-863: Incorrect Authorization (CWE-863)

ADP Enrichment

CVE Program Container

Additional References

References