CVE-2019-8449

Published: 11/09/2019 Updated: 01/01/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote malicious users to enumerate usernames via an information disclosure vulnerability.

Vulnerable Product

atlassian jira

Exploits

Jira version 8.3.4 suffers from a username enumeration information disclosure vulnerability ...

Github Repositories

User Enumeration Proof Of Concept Exploit for CVE-2019-8449

CVE-2019-8449: Proof Of Concept Exploit for CVE-2019-8449, Jira < 8.4.0 User Enumeration. Detail: www.cvedetails.com/cve/CVE-2019-8449/ Usage: $ go run CVE-2019-8449.go -f USERFILE.txt -p 8080 -u example.com

One stop place for exploiting Jira instances in your proximity

Jiraffe - One stop place for exploiting all Jira instances in your proximity. Features: Jiraffe is a sem

JIRA"YA is a vulnerability analyzer for JIRA instances. It runs active scans to identify vulnerabilities by interacting with the host and conducting tests.

JIRA"YA - JIRA Yet Another vulnerability Analyzer by @FR13ND0x7f What is JIRA? JIRA is a popular p

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

CVE-2019-8449 Exploit for Jira Releases Below v8.3.4
CVSS Score: 5.0
Vulnerability Type(s): Information Disclosure
Authentication: Not Required
Affected Versions: 2.1 - 8.3.4
Publish Date: 2019-09-11
Exploit-DB: www.exploit-db.com/exploits/47990
Description: The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote atta

A simple framework for quickly verifying vulnerabilities

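R-poc: A simple framework for quickly verifying vulnerabilities. Based on Airpoc, with modifications. Original project article: paper.seebug.org/913/ Supports single or multiple targets; multiple targets are written in a file list. Brute-force runs every poc in the pocs directory against the target. Detectable list: Struts2 series st2-045 st2-046 unauth redis-unauth.py mongodb-unauth.py zookeeper-unauth.py jenkins-u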