CVE-2019-8449

Sažetak

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

Reference

https://jira.atlassian.com/browse/JRASERVER-69796
http://packetstormsecurity.com/files/156172/Jira-8.3.4-Information-Disclosure.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

01-01-2022 - 20:19

Objavljeno

11-09-2019 - 14:15