Description

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

Remediation

References

CVE-2019-8449

Related Vulnerabilities

WordPress Plugin Clio Grow Cross-Site Scripting (1.0)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Unspecified Vulnerability (2.0.40)

Ampache Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-4665)

Handlebars Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20922)

Atlassian Jira Other Vulnerability (CVE-2006-3338)

Severity

Medium

Classification

CVE-2019-8449 CWE-306

Tags

Missing Update Known Vulnerabilities