Description

The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

Remediation

References

CVE-2019-3401

Related Vulnerabilities

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12528)

Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-35612)

phpMyAdmin Other Vulnerability (CVE-2007-2016)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3388)

WordPress Plugin UserPro-Community and User Profile Privilege Escalation (4.9.27)

Severity

Medium

Classification

CVE-2019-3401 CWE-863

Tags

Missing Update Known Vulnerabilities