Jira User Enumeration via Login.jsp Information Disclosure Vulnerability

CVE-2019-8448 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The login.jsp resource in Jira before version 7.13.4, and from version 8.0.0 before version 8.2.2 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

Learn more about our User Device Pen Test.