Description
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.
Remediation
References