CVE-2019-3403

Publication date

2019-05-22 17:35:03

Family

atlassian

State

PUBLISHED

Description

The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.