Description

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

Remediation

References

CVE-2019-8449

Related Vulnerabilities

Joomla Other Vulnerability (CVE-2005-3771)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-42498)

WordPress Plugin qTranslate X Cross-Site Scripting (3.4.3)

WordPress Plugin Contact List-Easy Business Directory, Staff Directory and Address Book Cross-Site Scripting (2.9.41)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-3230)

Severity

Medium

Classification

CVE-2019-8449 CWE-306

Tags

Missing Update Known Vulnerabilities