CVE-2019-8448 - Unspecified vulnerability in Atlassian Jira Server
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | LOW |
Integrity impact | NONE |
Availability impact | NONE |
Summary
The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
Vulnerable Configurations
Nessus
NASL family | CGI abuses |
NASL id | JIRA_8_2_2.NASL |
description | According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 7.13.4 or 8.0.x prior to 8.2.2. It is, therefore, affected by an information disclosure vulnerability in its login.jsp component due to insufficient validation of user input. An unauthenticated, remote attacker can exploit this, by sending crafted HTTP requests, to enumerate the usernames of the Jira users. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 128423 |
published | 2019-09-03 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/128423 |
title | Atlassian JIRA Information Disclosure Vulnerability (JRASERVER-69797) |