Description

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

Remediation

References

CVE-2019-8449

Related Vulnerabilities

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3275)

WordPress Plugin Content Copy Protection & Prevent Image Save Cross-Site Request Forgery (1.3)

WordPress Plugin Product Catalog 8 SQL Injection (1.2.0)

phpBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-6506)

Severity

Medium

Classification

CVE-2019-8449 CWE-306

Tags

Missing Update Known Vulnerabilities