Atlassian Jira Incorrect Authorization Vulnerability (CVE-2019-3403)

Description

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

Remediation

References

CVE-2019-3403

Related Vulnerabilities

WordPress Plugin WP-Polls SQL Injection (2.71)

WordPress Plugin Effectively Add & Customize Free Icons For WordPress Menus-WP Menu Icons Lite includes Backdoor [Only if downloaded via the vendor website] (1.0.8)

WordPress Plugin WP-Testimonials SQL Injection (3.4.1)

WordPress Plugin Search Everything SQL Injection (8.1.6)

WordPress Plugin Sign-up Sheets Cross-Site Scripting (1.0.13)

Severity

Medium

Classification

CVE-2019-3403 CWE-863