Lucene search
NagliH1:1147951HistoryApr 03, 2021 - 6:52 p.m.
U.S. Dept Of Defense: CVE-2019-3403 on https://████/rest/api/2/user/picker?query=
2021-04-0318:52:05
nagli
hackerone.com
29
u.s. dept of defense
cve-2019-3403
jira
authorization
enumeration
update
bug bounty
EPSS
0.004
Percentile
73.0%
Description:
The endpoint at
https://████████/rest/api/2/user/picker?query=
Suffers from
CVE-2019-3403
Due to old version of jira.
{F125281}
References
https://nvd.nist.gov/vuln/detail/CVE-2019-3403
~@naglinagli
Impact
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
System Host(s)
███
Affected Product(s) and Version(s)
CVE Numbers
Steps to Reproduce
Navigate to https://██████/rest/api/2/user/picker?query=admin
Suggested Mitigation/Remediation Actions
Update the jira version
Related
nuclei
nuclei
Jira - Incorrect Authorization
2021-02-16 16:55:16
atlassian
atlassian
prion
prion
Authentication flaw
2019-05-22 18:29:00
nvd
nvd
CVE-2019-3403
2019-05-22 18:29:00
symantec
symantec
Atlassian JIRA CVE-2019-3403 Information Disclosure Vulnerability
2019-04-29 00:00:00
githubexploit
githubexploit
Exploit for Incorrect Authorization in Atlassian Jira
2021-03-18 22:36:58
cve
cve
CVE-2019-3403
2019-05-22 18:29:00
nessus
nessus
Atlassian Jira 7.13.x < 7.13.3 / 8.0.x < 8.0.4 / 8.1.x < 8.1.1 Information Disclosure Vulnerability
2019-10-25 00:00:00
Atlassian Jira 7.13.0 < 7.13.4 Multiple Vulnerabilities
2023-03-14 00:00:00
Atlassian Jira 8.0.0 < 8.0.4 Multiple Vulnerabilities
2023-03-14 00:00:00
cvelist
cvelist
CVE-2019-3403
2019-05-22 17:35:03
hackerone
hackerone
Mail.ru: Path traversal lead to LFR via [CVE-2019-3394]
2020-09-12 21:50:28
Starbucks: Information disclosure on sim.starbucks.com
2019-06-30 12:11:42
OneWeb: Vulnerable Jira Instance
2021-09-27 14:44:08