Vulnerability in Atlassian Jira
CVE-2019-8449
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
EPSS: 0.711 (98.7th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Jira — versions unspecified
Public proof-of-concept exploits
References
- jira.atlassian.com/browse/JRASERVER-69796 (x_refsource_CONFIRM)
- packetstormsecurity.com/files/156172/Jira-8.3.4-Information-Disclosure.html (x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-8449?
- CVE-2019-8449 is a vulnerability in Atlassian Jira. Published 2019-09-11.
- Is CVE-2019-8449 known to be exploited?
- 52 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.