5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.157 Low
EPSS
Percentile
96.0%
An username information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid usernames and invalid usernames via /rest/issueNav/1/issueTable
API endpoint.
Atlassian Jira 7.6.4 Atlassian Jira 8.1.0
<https://www.atlassian.com/software/jira>
5.3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-862 - Missing Authorization
An attacker can use this vector to identify usernames for valid accounts. This does not require a valid session.
Submit a POST to /rest/issueNav/1/issueTable
with the following body:
jql=project in projectsLeadByUser("<USER>")
replacing <USER>
with a possibly valid username. Any other function that takes a username as a parameter can also be used, not just projectsLeadByUser()
.
A response status code of 400 containing ββ¦the user does not existβ¦β indicates the username is not valid.
A response status code of 200 containing a valid JSON issueTable object indicates the username is valid.
2019-05-14 - Vendor Disclosure
2019-08-14 - Vendor Patched
2019-09-16 - Public Release
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.157 Low
EPSS
Percentile
96.0%