Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-8449 PoC — Atlassian Jira 访问控制错误漏洞

Source
https://github.com/mufeedvh/CVE-2019-8449
Associated Vulnerability
Title:Atlassian Jira 访问控制错误漏洞 (CVE-2019-8449)
Description:The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
Description
CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4
Readme
# CVE-2019-8449
CVE-2019-8449 Exploit for Jira Releases Below v8.3.4
<br><br>
<b>CVSS Score:</b> 5.0
<br>
<b>Vulnerability Type(s):</b> Information Disclosure
<br>
<b>Authentication:</b> Not Required
<br>
<b>Affected Versions:</b>  2.1 - 8.3.4
<br>
<b>Publish Date:</b> 2019-09-11
<br>
<b>Exploit-DB:</b> https://www.exploit-db.com/exploits/47990

# Description
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

# Usage
    python CVE-2019-8449.py

# Links
* https://jira.atlassian.com/browse/JRASERVER-69796
* https://nvd.nist.gov/vuln/detail/CVE-2019-8449
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8449
* https://www.cvedetails.com/cve/CVE-2019-8449/
File Snapshot

 [4.0K]  /data/pocs/9c77e0502e7e5c97df513641212ab15fb5ee7922
├── [3.3K]  CVE-2019-8449.py
└── [ 787]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →