Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Atlassian Jira Missing Authentication for Critical Function Vulnerability - CVE-2019-8449 - Vulnerability Database
Atlassian Jira

Atlassian Jira Missing Authentication for Critical Function Vulnerability - CVE-2019-8449

Medium
Reference: CVE-2019-8449
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-8449
Title: Atlassian Jira Missing Authentication for Critical Function Vulnerability
Overview:

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.