Atlassian Jira 7.6.x < 7.6.13, 7.7.0 < 7.13.3, 8.x < 8.1.1 Information Disclosure Vulnerability
Medium Nessus Plugin ID 130266
SynopsisThe remote web server hosts a web application that is potentially affected by an information disclosure vulnerability.
DescriptionAccording to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is potentially affected by an information disclosure vulnerability in the ManageFilters.jspa resource due to incorrect authorization checks. An unauthenticated, remote attacker can exploit this to enumerate usernames. (CVE-2019-3401)
SolutionUpgrade to Atlassian Jira version 7.6.13, 7.13.3 / 8.1.1 / 8.2.0 or later.