CVE-2019-3401

CVE Database · CVE-2019-3401

CVE-2019-3401

· MEDIUMModified

CVSS v3.1

5.3

EPSS

12.72%

Published

May 22, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (2)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-863CWE-863

Affected Products (2)

atlassian · jira (up to 7.13.3)vulnerable

atlassian · jira_server (up to 8.1.1)vulnerable

References (2)

https://jira.atlassian.com/browse/JRASERVER-69244

Issue TrackingVendor Advisory

https://jira.atlassian.com/browse/JRASERVER-69244

Issue TrackingVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs