Atlassian JIRA Information Exposure Vulnerability CVE-2019-3401 Scanner

Details
Asset Type: DOMAIN, IP, URL
Need Membership: Yes
Asset Verify: Yes
API Support: Yes
Estimate Time (Second): 10

Atlassian JIRA Information Exposure Vulnerability CVE-2019-3401 Scanner Detail

Atlassian JIRA contains an Information Exposure vulnerability.

The ManageFilters.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
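
The affected ranges above can be applied to an asset inventory to decide which Jira instances need upgrading. The following is an added example, not part of the original page or of the scanner; the hostnames and version strings are constructed, and the function names are hypothetical. It compares versions numerically, because a plain string comparison would wrongly sort 7.2.10 after 7.13.3.

```python
import re

# Affected ranges as stated in the description above:
# before 7.13.3, and from 8.0.0 before 8.1.1. Upper bounds are exclusive.
AFFECTED_RANGES = [((0, 0, 0), (7, 13, 3)), ((8, 0, 0), (8, 1, 1))]

# Leading "major.minor[.patch]"; any build or qualifier suffix is ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if unparseable."""
    match = _VERSION_RE.match(text or "")
    if not match:
        return None
    return tuple(int(g) if g is not None else 0 for g in match.groups())


def is_affected(version_text):
    """True or False for a parseable version, None when it needs a manual check."""
    version = parse_version(version_text)
    if version is None:
        return None
    return any(low <= version < high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}


# Constructed sample inventory (hosts and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "jira-a.example.internal": "7.2.10",   # numerically below 7.13.3
    "jira-b.example.internal": "7.13.3",   # first fixed 7.x release
    "jira-c.example.internal": "8.0.0",    # start of the affected 8.x range
    "jira-d.example.internal": "8.1.1",    # first fixed 8.x release
    "jira-e.example.internal": "8.1.0-build801000",  # suffix ignored
    "jira-f.example.internal": "",         # version not recorded
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```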

Some Advice for Common Problems

  • Ensure that this permission is restricted to specific groups that require it.
  • You can restrict it in Administration > System > Global Permissions.
  • Turning the feature off will not affect existing filters and dashboards.
  • If you change this setting, you will still need to update the existing filters and dashboards if they have already been shared publicly.
  • Jira 7.2.10 introduced a dark feature to disable site-wide anonymous access.
