CVE-2019-8446
published 2019-08-23

CVE-2019-8446: The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.

Priority: P1 (80)
CVSS 3.1: 5.3 medium (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitation: exploited in the wild; listed in VulnCheck KEV
EPSS: 17.55% (96.8th percentile)

Affected (2 ranges)

Vendor      Product       Version range                          Fixed in
atlassian   jira          < 8.3.2 (lower bound unspecified)      8.3.2
atlassian   jira_server   >= 7.6, < 8.3.2                        8.3.2

Detection & IOCs

url:           /rest/issueNav/1/issueTable
header:        X-Atlassian-Token: no-check
request body:  {'jql':'project in projectsLeadByUser("{{randstr}}")'}  ({{randstr}} is a scanner placeholder for a random string)

  • Detect exploitation attempts by monitoring POST requests to /rest/issueNav/1/issueTable from unauthenticated or low-privilege sources.
  • An HTTP 200 response whose body contains the string 'the user does not exist' indicates that the probe reached the endpoint without an authorisation check and the instance is vulnerable; the endpoint answers differently for existing and non-existent usernames, which is what makes enumeration possible.
  • The Shodan queries 'http.component:"Atlassian Jira"' and 'http.component:"atlassian jira"' identify exposed Jira instances that may be vulnerable to this CVE.
  • The attack passes an arbitrary username to the JQL function projectsLeadByUser() to probe for user existence; inspect POST bodies to /rest/issueNav/1/issueTable for this function, and treat one client probing many distinct usernames as an enumeration attempt.
  • The vulnerability affects Jira Server versions before 8.3.2 only; patched instances are not affected.
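The detection notes above, turned into a runnable check. This is an added example, not code from the page's sources or from Atlassian: it assumes a hypothetical proxy log layout (`<timestamp> <client_ip> <method> <path> <status> "<request body>"`), the sample log lines are constructed, and the `enumeration_sources` threshold is an arbitrary choice. It flags POSTs to the vulnerable resource whose JQL calls projectsLeadByUser(), groups the probed usernames by client, and applies the 'the user does not exist' response oracle.

```python
# Added example (not from the advisory or the page's sources): flag CVE-2019-8446
# username-enumeration probes in web logs and classify the Jira response.
# Assumed log layout (hypothetical, e.g. a reverse proxy that records bodies):
#   <timestamp> <client_ip> <method> <path> <status> "<request body>"
import re
from collections import defaultdict

ISSUE_TABLE_PATH = "/rest/issueNav/1/issueTable"

# JQL function abused by the probe; captures the username argument.
PROBE_RE = re.compile(r'projectsLeadByUser\(\s*["\']?([^"\')]+)["\']?\s*\)', re.IGNORECASE)

# Hypothetical log layout; the request body is the last, quoted field.
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "(.*)"$')


def extract_probed_user(body):
    """Return the username passed to projectsLeadByUser(), or None if absent."""
    m = PROBE_RE.search(body)
    return m.group(1) if m else None


def is_probe(method, path, body):
    """True for a POST to the vulnerable resource whose JQL probes a username."""
    return (method.upper() == "POST"
            and path.split("?", 1)[0] == ISSUE_TABLE_PATH
            and extract_probed_user(body) is not None)


def response_reveals_user(status, body):
    """Oracle from the detection notes: an HTTP 200 whose body says the user
    does not exist means the endpoint answered the probe without authorisation."""
    return status == 200 and "the user does not exist" in body.lower()


def scan_log(lines):
    """Group probed usernames by client IP: {ip: sorted list of usernames}."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        _ts, ip, method, path, _status, body = m.groups()
        body = body.replace('\\"', '"')  # undo the logger's quote escaping
        if is_probe(method, path, body):
            seen[ip].add(extract_probed_user(body))
    return {ip: sorted(users) for ip, users in seen.items()}


def enumeration_sources(lines, min_users=2):
    """Client IPs that probed at least min_users distinct usernames (threshold is arbitrary)."""
    return {ip: users for ip, users in scan_log(lines).items() if len(users) >= min_users}


# Constructed sample traffic (not real logs): two probes from one client, one
# from another, plus a GET, a legitimate JQL query and an unrelated endpoint.
SAMPLE_LOG = [
    '2019-08-23T10:00:01Z 203.0.113.5 POST /rest/issueNav/1/issueTable 200 '
    '"jql=project in projectsLeadByUser(\\"admin\\")"',
    '2019-08-23T10:00:02Z 203.0.113.5 POST /rest/issueNav/1/issueTable 200 '
    '"jql=project in projectsLeadByUser(\\"jdoe\\")"',
    '2019-08-23T10:00:05Z 198.51.100.7 GET /rest/issueNav/1/issueTable 200 ""',
    '2019-08-23T10:00:09Z 198.51.100.7 POST /rest/api/2/search 401 '
    '"jql=project in projectsLeadByUser(\\"admin\\")"',
    '2019-08-23T10:01:00Z 192.0.2.9 POST /rest/issueNav/1/issueTable 200 '
    '"jql=project = DEMO AND assignee = currentUser()"',
    '2019-08-23T10:01:30Z 192.0.2.9 POST /rest/issueNav/1/issueTable 200 '
    '"jql=project in projectsLeadByUser(\\"svc_backup\\")"',
]

if __name__ == "__main__":
    for ip, users in scan_log(SAMPLE_LOG).items():
        print(f"{ip} probed {len(users)} username(s): {', '.join(users)}")
    print("enumeration sources:", enumeration_sources(SAMPLE_LOG))
```

On the sample, `scan_log` attributes admin and jdoe to 203.0.113.5 and svc_backup to 192.0.2.9; only the first client crosses the default threshold of two distinct usernames. The GET and the legitimate `project = DEMO` query are ignored, and the request to /rest/api/2/search is outside this rule's scope because the advisory names only the issueTable resource. Feed `response_reveals_user` the status and body of the matching response to confirm the instance is actually unpatched rather than merely being scanned.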

CVSS provenance

nvd (v3.1):   5.3 MEDIUM   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd (v2.0):   5.0 MEDIUM   AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck:    5.3 MEDIUM