What is CVE-2019-3403?

CVE-2019-3403 is a vulnerability in Atlassian Jira, classified under Incorrect Authorization. Published 2019-05-22.

Is CVE-2019-3403 known to be exploited?

15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Atlassian Jira

CVE-2019-3403

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation che…

Vulnerability class: Broken Access Control

EPSS: 0.828 (99.3th percentile) — read the EPSS interpretation.

Affected products

Atlassian Jira — versions unspecified, 8.0.0, unspecified

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

Public proof-of-concept exploits

davidmckennirey/CVE-2019-3403
und3sc0n0c1d0/UserEnumJira
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
Faizee-Asad/JIRA-Vulnerabilities
UGF0aWVudF9aZXJv/Atlassian-Jira-pentesting
anmolksachan/JIRAya
imhunterand/JiraCVE

References

jira.atlassian.com/browse/JRASERVER-69242 (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-3403?: CVE-2019-3403 is a vulnerability in Atlassian Jira, classified under Incorrect Authorization. Published 2019-05-22.
Is CVE-2019-3403 known to be exploited?: 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.