Description

The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

Remediation

References

CVE-2019-3401

Related Vulnerabilities

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-8004)

CubeCart Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-3904)

WordPress Plugin wpDataTables-WordPress Data Table, Dynamic Tables & Table Charts Cross-Site Scripting (2.1.49)

Perl Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-12837)

WordPress Plugin Survey Maker-Best WordPress Survey SQL Injection (3.1.1)

Severity

Medium

Classification

CVE-2019-3401 CWE-863

Tags

Missing Update Known Vulnerabilities