Description
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2018-3259 Vulnerability (CVE-2018-3259)
WordPress Plugin Ticket Manager Cross-Site Scripting (1)
Joomla! Core 3.x.x Prototype Pollution (3.0.0 - 3.9.4)
WordPress Plugin FV Flowplayer Video Player SQL Injection (7.5.15.727)
ProjectSend Use of Insufficiently Random Values Vulnerability (CVE-2024-7659)