CVE-2019-3403

Published: 22/05/2019 | Updated: 25/03/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The /rest/api/2/user/picker REST resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote malicious users to enumerate usernames via an incorrect authorisation check.

Vulnerable Product

atlassian jira

atlassian jira server

Github Repositories

JIRA"YA is a vulnerability analyzer for JIRA instances. It runs active scans to identify vulnerabilities by interacting with the host and conducting tests.

JIRA"YA - JIRA Yet Another vulnerability Analyzer by @FR13ND0x7f What is JIRA? JIRA is a popular p

A simple python3 exploit for CVE-2019-3403

CVE-2019-3403 I wanted to easily be able to exploit CVE-2019-3403 to scrape all the users from a JIRA application, so I threw this script together. It isn't the cleanest code ever, and it doesn't handle requests that return over 1000 users (it will just truncate them to the first 1000) - but it can quickly scrape all of the users from a vulnerable JIRA server. Usage u