Description
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.
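A log check for the enumeration pattern described above, added here as an example that is not part of the original advisory: it flags unauthenticated clients that request /ViewUserHover.jspa with several distinct query strings. The combined access-log format, the sample lines, the placeholder query strings and the threshold are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

ENDPOINT = "/ViewUserHover.jspa"  # endpoint named in the advisory

# Assumption: combined access-log format (client, ident, user, [time], "request", status, size).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample input; query strings are placeholders, not real parameters.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2020:10:01:01 +0000] "GET /ViewUserHover.jspa?x=a HTTP/1.1" 200 512
203.0.113.7 - - [12/Oct/2020:10:01:02 +0000] "GET /ViewUserHover.jspa?x=b HTTP/1.1" 200 498
203.0.113.7 - - [12/Oct/2020:10:01:02 +0000] "GET /ViewUserHover.jspa?x=c HTTP/1.1" 200 120
203.0.113.7 - - [12/Oct/2020:10:01:03 +0000] "GET /jira/ViewUserHover.jspa?x=d HTTP/1.1" 200 505
203.0.113.7 - - [12/Oct/2020:10:01:04 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 9000
198.51.100.20 - jsmith [12/Oct/2020:10:02:00 +0000] "GET /ViewUserHover.jspa?x=a HTTP/1.1" 200 512
198.51.100.20 - jsmith [12/Oct/2020:10:02:05 +0000] "GET /ViewUserHover.jspa?x=b HTTP/1.1" 200 498
198.51.100.20 - jsmith [12/Oct/2020:10:02:09 +0000] "GET /ViewUserHover.jspa?x=c HTTP/1.1" 200 120
192.0.2.15 - - [12/Oct/2020:10:03:00 +0000] "GET /ViewUserHover.jspa?x=a HTTP/1.1" 200 512
"""


def find_enumeration(log_text, threshold=3):
    """Return {client_ip: distinct_query_count} for anonymous clients that hit
    the endpoint with at least `threshold` distinct query strings."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"] != "-":
            continue  # unparsable line, or the request carried an authenticated user
        url = urlsplit(m["target"])
        # endswith() tolerates a context path in front of the endpoint
        if url.path.lower().endswith(ENDPOINT.lower()):
            seen[m["ip"]].add(url.query)
    return {ip: len(qs) for ip, qs in seen.items() if len(qs) >= threshold}


if __name__ == "__main__":
    for ip, count in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {count} distinct anonymous lookups against {ENDPOINT}")
```

Tune the threshold to the instance's normal traffic; a single anonymous hit can come from a crawler, while a run of distinct lookups from one client is the pattern worth alerting on.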
Remediation
References