Description
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view users' emails via an Information Disclosure vulnerability in the /rest/api/2/search endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ultimate FAQ Security Bypass (1.8.24)
WordPress Plugin Custom Login Page Customizer-LoginPress Multiple Vulnerabilities (1.1.13)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0798)
WordPress Plugin Docket Cache-Object Cache Accelerator Cross-Site Scripting (21.08.01)