Auth bypass in Atlassian Jira
CVE-2019-8446
The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.
Vulnerability class: Broken Access Control
EPSS: 0.729 (98.8th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Jira — versions unspecified
Weakness classification (CWE)
Public proof-of-concept exploits
References
- jira.atlassian.com/browse/JRASERVER-69777 (x_refsource_MISC)
- www.talosintelligence.com/vulnerability_reports/TALOS-2019-0839 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-8446?
- CVE-2019-8446 is a vulnerability in Atlassian Jira, classified under Incorrect Authorization. Published 2019-08-23.
- Is CVE-2019-8446 known to be exploited?
- 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.