Atlassian Jira 8.0.0 Information Disclosure Vulnerability

Summary

The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
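
The affected ranges stated above, as an added triage example (not part of the original advisory and not Atlassian code). It checks an inventory of Jira versions against those ranges; the host names and versions in the sample are constructed for illustration.

```python
import re

# Ranges taken from the advisory summary: every release before 7.13.3,
# and 8.0.0 up to (but not including) 8.1.1.
FIXED_7X = (7, 13, 3)
RANGE_8X = ((8, 0, 0), (8, 1, 1))


def parse_version(text):
    """Parse 'major.minor[.patch]' into a 3-tuple; a missing patch counts as 0."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised Jira version: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def fixed_in(version):
    """Return the first unaffected release for an affected version, else None."""
    v = parse_version(version)
    if v < FIXED_7X:
        return "7.13.3"
    if RANGE_8X[0] <= v < RANGE_8X[1]:
        return "8.1.1"
    return None  # 7.13.3 up to 8.0.0, and 8.1.1 onwards, are outside both ranges


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown' (manual review)."""
    report = {}
    for host, version in inventory.items():
        try:
            target = fixed_in(version)
        except ValueError:
            report[host] = "unknown"  # e.g. custom build strings
            continue
        report[host] = f"affected, fixed in {target}" if target else "not affected"
    return report


# Constructed inventory: hypothetical hosts and version strings.
SAMPLE = {"jira-a": "7.13.2", "jira-b": "7.13.5", "jira-c": "8.0.0",
          "jira-d": "8.1.1", "jira-e": "custom-build"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:8} {status}")
```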

Credit:

The information has been provided by Daniel Rauf.
The original article can be found at: https://jira.atlassian.com/browse/JRASERVER-69244


Details

Atlassian Jira is prone to an information disclosure vulnerability. This allows local or remote attackers to gain privileges via a malicious program in the affected application.

Vulnerable Systems:

  • Atlassian Jira
  • Atlassian Jira 2.1
  • Atlassian Jira 2.2
  • Atlassian Jira 2.2.1
  • Atlassian Jira 2.3
  • Atlassian Jira 2.4.1
  • Atlassian Jira 2.5.1
  • Atlassian Jira 2.5.2
  • Atlassian Jira 2.5.3
  • Atlassian Jira 2.6
  • Atlassian Jira 2.6.1
  • Atlassian Jira 3.0
  • Atlassian Jira 3.0.1
  • Atlassian Jira 3.0.2

CVE Information:
CVE-2019-3401

Disclosure Timeline:
Publish Date: 05/22/2019
