Skip to content

Horizon3.ai Docs

H3-2022-0081

Horizon3.ai Docs

Welcome
Getting Started
Getting Started
- Register an Account
  Register an Account
- Run an External Pentest
  Run an External Pentest
- Setup NodeZero Host
  Setup NodeZero Host
- Run an Internal Pentest
  Run an Internal Pentest
- Run an AD Password Audit
  Run an AD Password Audit
- Run 1-click Verify
  Run 1-click Verify
- NodeZero Portal Access Control
  NodeZero Portal Access Control
  - User Personas
  - User Management
  - Single Sign-On (SSO)
  - Identity Provider Guides
    Identity Provider Guides
    
    Azure
    
    Okta
Reference
Reference
- API
  API
  - CLI Tool
    
    CLI Tool
    
    Getting Started
    
    Guides
    Guides
    
    Automate NodeZero Deployment
    
    Scheduling from CLI
    
    Monitor Pentests
    
    Paginate Results
  - API Reference
    
    API Reference
    
    Authenticate
    
    Getting Started
    
    GraphQL API
- Automate Scheduling
  Automate Scheduling
- Attack Configuration
  Attack Configuration
  - Remote Access Tool
- BloodHound
- Glossary
- Horizon 3 Weaknesses
  Horizon 3 Weaknesses
- Injecting Credentials
  Injecting Credentials
  - Injecting an AWS Role
- Phishing Impact Test
  Phishing Impact Test
  - The NodeZero Phishing Script
- NodeZero Modules
  NodeZero Modules
  - Cyanide
- Notifications
  Notifications
- Media
  Media
- Templates
  Templates
- Release Notes
  Release Notes
  - 2024.04
  - 2024.03
  - 2024.02
  - 2024.01
Downloads
Downloads

H3-2022-0081

Atlassian Jira Unauthenticated User Enumeration via the User Picker Browser


Category	`SECURITY_MISCONFIGURATION`
Base Score	`5.0`

Description

The User Picker Browser component in Jira enables a Jira user to view and select other Jira users. As a result of an access control misconfiguration, anyone with network access to Jira can abuse this component to enumerate all users in Jira. User data includes the users' full names, usernames, and e-mail addresses.

Impact

An unauthenticated attacker can query the Jira instance and compile a list of known usernames and e-mail addresses. These usernames can be used to conduct credential attacks such as password spray and credential stuffing. E-mail addresses can be used in phishing attacks.

References

Controlling anonymous user access