Exploit for #VU21176 Information disclosure in Jira Software

Published: 2020-03-18 | Updated: 2021-06-17

Vulnerability identifier: #VU21176

Vulnerability risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-8449

CWE-ID: CWE-200

Exploitation vector: Network

Exploits in database: 4

June 17, 2021
- Jira 8.3.4 - Information Disclosure (Username Enumeration) [Exploit-DB]
May 3, 2021
- UserEnumJira (Serie de scripts para enumerar nombres de usuarios de JIRA a partir de vulnerabilidades conocidas (CVE-2020-14181, CVE-2019-3403, CVE-2019-8449...)) [Github]
March 18, 2020
- CVE-2019-8449 (CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4) [Github]
- CVE-2019-8449 (User Enumeration Proof Of Concept Exploit for CVE-2019-8449) [Github]

Impact: Information disclosure

Vulnerable software:
Jira Software
Client/Desktop applications / Other client software

Vendor: Atlassian