CVE-2019-3403
EUVD-2019-1304222.05.2019, 18:29
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| atlassian | jira | 𝑥 < 7.13.3 |
| atlassian | jira_server | 8.0.0 ≤ 𝑥 < 8.0.4 |
| atlassian | jira_server | 8.1.0 ≤ 𝑥 < 8.1.1 |
𝑥
= Vulnerable software versions