CVE-2019-3401

MEDIUM NUCLEI

Atlassian Jira < 7.13.3 - Incorrect Authorization

Title source: rule

Description

The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

Nuclei Templates (1)

Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization

MEDIUMby TechbrunchFR,milo2012

Shodan:

http.component:"Atlassian Jira" || http.component:"atlassian jira" || http.component:"atlassian confluence" || cpe:"cpe:2.3:a:atlassian:jira"

References (1)

[Issue Tracking, Vendor Advisory] https://jira.atlassian.com/browse/JRASERVER-69244

Scores

CVSS v3 5.3

EPSS 0.6597

EPSS Percentile 98.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-863

Status published

Products (2)

atlassian/jira < 7.13.3

atlassian/jira_server 8.0.0 - 8.1.1

Published May 22, 2019

Tracked Since Feb 18, 2026