https://github.com/mufeedvh/cve-2019-8449

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4
https://github.com/mufeedvh/cve-2019-8449

cve cve-2019-8449 cve-exploit exploit exploit-code exploit-database exploitdb exploiting-vulnerabilities exploits jira jira-api jira-issue jira-rest-api vulnerability

Last synced: about 1 year ago
JSON representation

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

• Host: GitHub
• URL: https://github.com/mufeedvh/cve-2019-8449
• Owner: mufeedvh
• Created: 2020-02-02T16:42:32.000Z (over 6 years ago)
• Default Branch: master
• Last Pushed: 2020-02-03T15:11:25.000Z (over 6 years ago)
• Last Synced: 2024-10-29T15:15:01.599Z (over 1 year ago)
• Topics: cve, cve-2019-8449, cve-exploit, exploit, exploit-code, exploit-database, exploitdb, exploiting-vulnerabilities, exploits, jira, jira-api, jira-issue, jira-rest-api, vulnerability
• Language: Python
• Size: 6.84 KB
• Stars: 67
• Watchers: 3
• Forks: 20
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# CVE-2019-8449

CVE-2019-8449 Exploit for Jira Releases Below v8.3.4





CVSS Score: 5.0




Vulnerability Type(s): Information Disclosure




Authentication: Not Required




Affected Versions:  2.1 - 8.3.4




Publish Date: 2019-09-11




Exploit-DB: https://www.exploit-db.com/exploits/47990

# Description

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

# Usage

    python CVE-2019-8449.py

# Links

* https://jira.atlassian.com/browse/JRASERVER-69796

* https://nvd.nist.gov/vuln/detail/CVE-2019-8449

* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8449

* https://www.cvedetails.com/cve/CVE-2019-8449/