Description

The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

Remediation

References

CVE-2019-3401

Related Vulnerabilities

Oracle HTTP Server CVE-2007-0280 Vulnerability (CVE-2007-0280)

Envoy Proxy CVE-2019-18802 Vulnerability (CVE-2019-18802)

WordPress Plugin Brizy-Page Builder Unspecified Vulnerability (2.4.45)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-27914)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2067)

Severity

Medium

Classification

CVE-2019-3401 CWE-863

Tags

Missing Update Known Vulnerabilities