Vulnerability Description
The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Jira | < 7.13.3 |
| Atlassian | Jira Server | >= 8.0.0, < 8.1.1 |
Related Weaknesses (CWE)
References
- https://jira.atlassian.com/browse/JRASERVER-69244Issue TrackingVendor Advisory
- https://jira.atlassian.com/browse/JRASERVER-69244Issue TrackingVendor Advisory
FAQ
What is CVE-2019-3401?
CVE-2019-3401 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
How severe is CVE-2019-3401?
CVE-2019-3401 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-3401?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Jira, Atlassian Jira Server.