Description
The /rest/api/2/user/picker REST resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
Remediation
References