Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-8446 — Incorrect Authorization in Atlassian Jira

CWE-863 — Incorrect Authorization5 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

72.9%

top 1.22%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Atlassian Jira Atlassian Jira Server

Timeline

PublishedAug 23

Latest updateMay 24

Description

The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5atlassian/jiraunspecified — 8.3.2

▶NVDatlassian/jira_server7.6 — 8.3.2

🔴Vulnerability Details

GHSA

GHSA-hjjc-3cqf-h5fg: The /rest/issueNav/1/issueTable resource in Jira before version 8↗2022-05-24

▶

CVEList

CVE-2019-8446: The /rest/issueNav/1/issueTable resource in Jira before version 8↗2019-08-23

▶

VulnCheck

Atlassian Jira Server and Data Center Incorrect Authorization↗2019

▶

💥Exploits & PoCs

Nuclei

Jira Improper Authorization

▶