CVE-2019-8449

Medium

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an…

atlassian·CWE-306·Published 2019-09-11

CVSS

5.3

EPSS

0.85

KEV

Exploits

cve.orgen

166 chars

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

NVDen

166 chars

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

El recurso /rest/api/latest/groupuserpicker en Jira versiones anteriores a 8.4.0, permite a atacantes remotos enumerar nombres de usuario por medio de una vulnerabilidad de divulgación de información.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N