README.md

CVE-2019-8449

CVE-2019-8449 Exploit for Jira Releases Below v8.3.4

CVSS Score: 5.0
Vulnerability Type(s): Information Disclosure
Authentication: Not Required
Affected Versions: 2.1 - 8.3.4
Publish Date: 2019-09-11
Exploit-DB: https://www.exploit-db.com/exploits/47990

Description

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

Usage

python CVE-2019-8449.py

Links

• https://jira.atlassian.com/browse/JRASERVER-69796
• https://nvd.nist.gov/vuln/detail/CVE-2019-8449
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8449
• https://www.cvedetails.com/cve/CVE-2019-8449/