CVE-2019-8448

Summary

The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

Affected Software

VendorProductVersion RangeStatus
AtlassianJiraunspecified < 7.13.4affected
AtlassianJira8.0.0 < unspecifiedaffected
AtlassianJiraunspecified < 8.2.2affected

Weaknesses

  • Information Exposure

ADP Enrichment

CVE Program Container

Additional References

References