漏洞描述
【漏洞对象】Jira 【涉及版本】version<7.13.3,v8.0.0-v8.0.4,v8.1.0到v8.1.1【漏洞描述】7.13.3版之前的Jira,8.0.4版之前的8.0.0版以及8.1.1版之前的8.1.0版中的Jira中的/rest/api/2/user/picker rest资源允许远程攻击者通过以下方式枚举用户名授权检查不正确。
Jira 信息泄露漏洞(可用户名枚举)(CVE-2019-3403)
PoC代码
暂无相关漏洞推荐
- CVE-2019-8449: Jira Information Disclosure
- POC CVE-2007-0885: Jira Rainbow.Zen - Cross-Site Scripting
- POC CVE-2017-9506: Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
- POC CVE-2018-20824: Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting
- POC CVE-2018-5230: Atlassian Jira Confluence - Cross-Site Scripting
- POC CVE-2019-11581: Atlassian Jira Server-Side Template Injection
- POC CVE-2019-3401: Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization
- POC CVE-2019-3402: Jira < 8.1.1 - Cross-Site Scripting
- POC CVE-2019-3403: Jira - Incorrect Authorization
- POC CVE-2019-8442: Jira - Local File Inclusion
- POC CVE-2019-8446: Jira Improper Authorization
- POC CVE-2019-8449: Jira <8.4.0 - Information Disclosure
- POC CVE-2019-8451: Jira <8.4.0 - Server-Side Request Forgery