Description
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.
Remediation
References
Related Vulnerabilities
WordPress Plugin Affiliate Link Manager Cross-Site Scripting (2.1.1)
WordPress Plugin File Manager Multiple Vulnerabilities (4.8)
Dolibarr Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-11825)
WordPress Plugin Fileviewer Cross-Site Request Forgery (2.2)
WordPress Plugin Admin Management Xtended Privilege Escalation (2.4.0)