Description

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

Remediation

References

CVE-2019-3403

Related Vulnerabilities

WordPress Ultimate Member Plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-3966)

Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2014-0118)

Nexus Repository Manager Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-11415)

WordPress Plugin Tweet Blender Cross-Site Scripting (4.0.1)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-9015)

Severity

Medium

Classification

CVE-2019-3403 CWE-863

Tags

Missing Update Known Vulnerabilities