Description

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

Remediation

References

CVE-2019-8449

Related Vulnerabilities

WordPress Plugin CF7 Invisible reCAPTCHA Cross-Site Scripting (1.3.1)

WordPress Plugin Tutor LMS-eLearning and online course solution Multiple Vulnerabilities (1.7.6)

WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.6.1)

phpMyAdmin Improper Input Validation Vulnerability (CVE-2016-9859)

WordPress Plugin Import all XML, CSV & TXT into WordPress Cross-Site Scripting (6.4.2)

Severity

Medium

Classification

CVE-2019-8449 CWE-306

Tags

Missing Update Known Vulnerabilities