Description

The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

Remediation

References

CVE-2019-8448

Related Vulnerabilities

Apache HTTP Server Other Vulnerability (CVE-2003-0016)

WordPress Plugin Zoho CRM Lead Magnet Unspecified Vulnerability (1.7.2.9)

WordPress Plugin Simply Show Hooks Malicious Code (1.2.1)

ownCloud Improper Authentication Vulnerability (CVE-2014-2047)

WordPress Plugin YITH WooCommerce Product Add-Ons Cross-Site Scripting (2.2.2)

Severity

Medium

Classification

CVE-2019-8448 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities