Vulners
Lucene search
Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | Information disclosure in the ManageFilters.jspa resource - CVE-2019-3401 | 29 Apr 201904:02 | – | atlassian |
| Information disclosure in the ManageFilters.jspa resource - CVE-2019-3401 | 29 Apr 201904:02 | – | atlassian |
 | CVE-2019-3401 | 22 May 201918:48 | – | circl |
 | Atlassian Jira Information Disclosure Vulnerability (CNVD-2019-32323) | 23 May 201900:00 | – | cnvd |
 | CVE-2019-3401 | 22 May 201917:27 | – | cve |
 | CVE-2019-3401 | 22 May 201917:27 | – | cvelist |
 | Atlassian Jira 7.6.x < 7.6.13, 7.7.0 < 7.13.3, 8.x < 8.1.1 Information Disclosure Vulnerability | 25 Oct 201900:00 | – | nessus |
| Atlassian Jira 7.13.x < 7.13.4 Multiple Vulnerabilities | 14 Mar 202300:00 | – | nessus |
| Atlassian Jira 8.0.0 < 8.1.1 Multiple Vulnerabilities | 14 Mar 202300:00 | – | nessus |
 | CVE-2019-3401 | 22 May 201918:29 | – | nvd |
10
id: CVE-2019-3401
info:
name: Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
author: TechbrunchFR,milo2012
severity: medium
description: Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.
impact: |
The vulnerability allows unauthorized users to access sensitive information or perform unauthorized actions.
remediation: Ensure this permission is restricted to specific groups that require it via Administration > System > Global Permissions. Turning the feature off will not affect existing filters and dashboards. If you change this setting, you will still need to update the existing filters and dashboards if they have already been shared publicly. Since Jira 7.2.10, a dark feature to disable site-wide anonymous access was introduced.
reference:
- https://jira.atlassian.com/browse/JRASERVER-69244
- https://nvd.nist.gov/vuln/detail/CVE-2019-3401
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2019-3401
cwe-id: CWE-863
epss-score: 0.12719
epss-percentile: 0.9577
cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: atlassian
product: jira
shodan-query:
- http.component:"Atlassian Jira"
- http.component:"atlassian jira"
- http.component:"atlassian confluence"
- cpe:"cpe:2.3:a:atlassian:jira"
tags: cve,cve2019,jira,atlassian,exposure,vuln
http:
- method: GET
path:
- "{{BaseURL}}/secure/ManageFilters.jspa?filter=popular&filterView=popular"
matchers:
- type: word
words:
- '<span data-filter-field="owner-full-name">'
- '<title>Manage Filters - Jira</title>'
condition: and
# Remediation:
# Ensure that this permission is restricted to specific groups that require it.
# You can restrict it in Administration > System > Global Permissions.
# Turning the feature off will not affect existing filters and dashboards.
# If you change this setting, you will still need to update the existing filters and dashboards if they have already been
# shared publicly.
# Since Jira 7.2.10, a dark feature to disable site-wide anonymous access was introduced.
# digest: 4a0a00473045022100db52b7cd2afb6e384dac16af25a48db4c33bebd47a1bb19a938b8b85b49733ab02204832e4f2530d7060d38054962cff80fa6c6019b6620520a4af3a409ee2df398b:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 25
CVSS 3.15.3
EPSS0.12719