CVE-2019-8446
Published: 2019-08-23
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.
Priority: P1 80 · medium · 5.3 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploited in the wild (ITW exploit; listed in VulnCheck KEV)
EPSS: 17.55% (96.8th percentile)
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira | >= unspecified < 8.3.2 | 8.3.2 |
| atlassian | jira_server | >= 7.6 < 8.3.2 | 8.3.2 |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring POST requests to /rest/issueNav/1/issueTable from unauthenticated or low-privilege sources.
- A 200 HTTP response containing the string 'the user does not exist' in the body indicates successful triggering of the username enumeration vulnerability.
- Shodan queries 'http.component:"Atlassian Jira"' and 'http.component:"atlassian jira"' can be used to identify exposed Jira instances potentially vulnerable to this CVE.
- The attack uses the JQL function projectsLeadByUser() with an arbitrary username to probe for user existence; monitor POST bodies to /rest/issueNav/1/issueTable for this pattern.
- The vulnerability affects Jira Server versions before 8.3.2 only; patched instances are not affected.
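The detection notes above give three indicators: a POST to /rest/issueNav/1/issueTable from an unauthenticated source, a projectsLeadByUser() call in the request body, and a 200 response containing 'the user does not exist'. The Python below is an added example, not code from any of the sources this page aggregates; it applies those indicators to constructed proxy log lines in a hypothetical JSON-per-line format (the field names src, user, method, path, status, req_body and resp_snip are assumptions) and additionally groups the probed usernames per source so that a burst of probes is reported even when individual responses look harmless.

```python
"""CVE-2019-8446 probe detection over proxy/WAF logs (added example on constructed data)."""
import json
import re
from collections import defaultdict
from urllib.parse import unquote_plus

TARGET_PATH = "/rest/issueNav/1/issueTable"
# JQL function the detection notes name as the enumeration primitive; group 1 is the probed username.
PROBE_RE = re.compile(r"projectsLeadByUser\s*\(\s*['\"]?([^'\")]+?)['\"]?\s*\)", re.IGNORECASE)
# Response text the notes list as the sign that the authorisation check was bypassed.
SUCCESS_MARKER = "the user does not exist"
# Values a proxy commonly records when no user is associated with the request (assumption).
UNAUTH_USERS = {"", "-", "anonymous"}
# Distinct usernames probed from one source before it is reported as an enumeration burst.
BURST_THRESHOLD = 3

# Constructed sample log: one JSON object per line in a hypothetical proxy format that keeps the
# raw (URL-encoded) request body and a snippet of the response. None of this is real traffic.
SAMPLE_LOG = r"""
{"src": "203.0.113.7", "user": "anonymous", "method": "POST", "path": "/rest/issueNav/1/issueTable", "status": 200, "req_body": "jql=projectsLeadByUser(%22alice%22)", "resp_snip": "the user does not exist"}
{"src": "203.0.113.7", "user": "anonymous", "method": "POST", "path": "/rest/issueNav/1/issueTable", "status": 200, "req_body": "jql=projectsLeadByUser(%22bob%22)", "resp_snip": "the user does not exist"}
{"src": "203.0.113.7", "user": "anonymous", "method": "POST", "path": "/rest/issueNav/1/issueTable", "status": 200, "req_body": "jql=projectsLeadByUser(%22carol%22)", "resp_snip": "issueTable total 2"}
{"src": "198.51.100.9", "user": "jsmith", "method": "POST", "path": "/rest/issueNav/1/issueTable", "status": 200, "req_body": "jql=project+%3D+OPS+order+by+created", "resp_snip": "issueTable total 40"}
{"src": "198.51.100.9", "user": "jsmith", "method": "GET", "path": "/rest/api/2/myself", "status": 200, "req_body": "", "resp_snip": ""}
{"src": "192.0.2.5", "user": "-", "method": "POST", "path": "/rest/issueNav/1/issueTable", "status": 401, "req_body": "jql=projectsLeadByUser(dave)", "resp_snip": ""}
"""


def parse_log(text):
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def classify(entry):
    """Return (verdict, probed_username).

    verdict is None for benign traffic, 'attempt' for a probe that did not get the
    leaking response (blocked, patched, or the user exists), and 'confirmed' when the
    200 response carries the marker string from the detection notes.
    """
    if entry.get("method") != "POST" or entry.get("path") != TARGET_PATH:
        return None, None
    body = unquote_plus(entry.get("req_body", ""))
    match = PROBE_RE.search(body)
    unauthenticated = entry.get("user", "") in UNAUTH_USERS
    if match is None and not unauthenticated:
        return None, None  # authenticated user running ordinary JQL: normal usage
    probed = match.group(1) if match else None
    if entry.get("status") == 200 and SUCCESS_MARKER in entry.get("resp_snip", "").lower():
        return "confirmed", probed
    return "attempt", probed


def analyze(entries):
    """Produce per-request alerts and per-source enumeration bursts."""
    alerts = []
    probed_by_src = defaultdict(set)
    for entry in entries:
        verdict, probed = classify(entry)
        if verdict is None:
            continue
        alerts.append({"src": entry["src"], "verdict": verdict,
                       "username": probed, "status": entry.get("status")})
        if probed:
            probed_by_src[entry["src"]].add(probed)
    bursts = {src: sorted(names) for src, names in probed_by_src.items()
              if len(names) >= BURST_THRESHOLD}
    return {"alerts": alerts, "bursts": bursts}


if __name__ == "__main__":
    result = analyze(parse_log(SAMPLE_LOG))
    for alert in result["alerts"]:
        print(f"{alert['verdict']:9} src={alert['src']} user={alert['username']} status={alert['status']}")
    for src, names in result["bursts"].items():
        print(f"burst     src={src} probed={names}")
```

The 401 line is still reported as an attempt: on a patched instance the probe fails, but the source is still scanning for the bug, and that is worth seeing in the SOC queue alongside the confirmed leaks.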
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vulncheck | | 5.3 | MEDIUM | |
GHSA
GHSA-hjjc-3cqf-h5fg · ghsa_unreviewed · 2022-05-24 · CVE-2019-8446 [MEDIUM] · CWE-863
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.
VulnCheck
Atlassian Jira Server and Data Center Incorrect Authorization · vulncheck · 2019 · CVE-2019-8446 [MEDIUM] · CVSS 5.3
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.
Affected: Atlassian Jira Server and Data Center
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2019-8446; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-23&host_type=src&vulnerability=cve-2019-8446; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-
No detection rules found.
Nuclei
Jira Improper Authorization · nuclei · CVE-2019-8446 [MEDIUM] · CVSS 5.3
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.
Template:
```yaml
id: CVE-2019-8446

info:
  name: Jira Improper Authorization
  author: dhiyaneshDk
  severity: medium
  description: The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.
  impact: |
    This vulnerability can lead to unauthorized access, data leakage, and potential compromise of the Jira application.
  remediation: |
    Apply the latest security patches and updates provided by Atlassian to fix the vulnerability.
  reference:
    - https://jira.atlassian.com/browse/JRASERVER-69777
    - https://www.talosintelligence.com/vulner
```
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Atlassian Jira · blogs_talos · 2019-09-16 · [MEDIUM] CVSS 6.5
Ben Taylor of Cisco ASIG discovered these vulnerabilities.
Atlassian’s Jira software contains multiple vulnerabilities that could allow an attacker to carry out a variety of actions, including the disclosure of sensitive information and the remote execution of JavaScript code. Jira is a piece of software that allows users to create, manage and organize tasks and manage projects. These bugs could create a variety of scenarios, including the ability to execute code inside of Jira and the disclosure of information inside of tasks created in Jira, including the attached documents.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Atlassian to ensure that these issues are resolved and that an update is available for affected customers.
### Vulnerability details
At
Recorded Future
blogs_recorded_future · [CRITICAL] CVSS 9.6
# Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
For years, software solutions built by Atlassian have found their way to nearly every organization's software stack. Tools such as JIRA, Confluence, Bamboo, and BitBucket are often seen playing a crucial role in various departments across enterprises.
From managing projects or handling organization-wide documentation, to hosting the very code of a product being developed by the organization, the constant reliance upon and amount of historical data held within these applications have turned them into a lucrative target for attackers, expanding the attack surface in the process.
## Historical Atlassian Vulnerabilities
Traditionally, vulnerabilities within the Atlassian software stack have originated from di