What the vulnerability does

01 Description

The /rest/api/2/user/picker REST resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

Key dates

02 Disclosure timeline

May 22, 2019: CVE published
September 17, 2024: Record updated