CVE-2019-3403

2019-05-2217:35:03

CWE-863

atlassian

www.cve.org

AI Score

5.2

Confidence

High

EPSS

0.004

Percentile

73.0%

JSON

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

CNA Affected

[
  {
    "product": "Jira",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "7.13.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "8.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.0.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "8.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "8.1.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]