CVE-2019-3403

MEDIUM NUCLEI

Atlassian Jira < 7.13.3 - Incorrect Authorization

Title source: rule

Description

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.

Exploits (2)

nomisec WORKING POC 2 stars
by davidmckennirey · poc
https://github.com/davidmckennirey/CVE-2019-3403
nomisec WORKING POC 1 star
by und3sc0n0c1d0 · poc
https://github.com/und3sc0n0c1d0/UserEnumJira

Nuclei Templates (1)

Jira - Incorrect Authorization
MEDIUM by Ganofins
Shodan: http.component:"Atlassian Jira" || http.component:"atlassian jira" || http.component:"atlassian confluence" || cpe:"cpe:2.3:a:atlassian:jira"

Scores

CVSS v3 5.3
EPSS 0.8280
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-863
Status published
Products (2)
atlassian/jira < 7.13.3
atlassian/jira_server 8.0.0 - 8.0.4
Published May 22, 2019
Tracked Since Feb 18, 2026