{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T14:16:24.550","vulnerabilities":[{"cve":{"id":"CVE-2019-3403","sourceIdentifier":"security@atlassian.com","published":"2019-05-22T18:29:00.833","lastModified":"2024-11-21T04:42:02.360","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check."},{"lang":"es","value":"The /rest/api/2/user/picker rest resource en Jira antes de la versión 7.13.3, desde la versión 8.0.0 antes versión 8.0.4, y desde versión 8.1.0 antes de la versión 8.1.1, permite a los atacantes remotos enumerar los nombres de usuario mediante una comprobación de autorización incorrecta."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@atlassian.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*","versionEndExcluding":"7.13.3","matchCriteriaId":"3AAAD6CB-BAF7-4FE4-BB84-F7614F28AEEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.4","matchCriteriaId":"D2468233-97B0-4673-A2EA-5787CFD56097"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0","versionEndExcluding":"8.1.1","matchCriteriaId":"2806E160-A601-4276-A3F2-8F73DA3AE3E0"}]}]}],"references":[{"url":"https://jira.atlassian.com/browse/JRASERVER-69242","source":"security@atlassian.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://jira.atlassian.com/browse/JRASERVER-69242","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}