Description

By accessing the endpoint /secure/popups/UserPickerBrowser.jspa?max=10, an unauthenticated attack can retrieve the Jira's users.

Remediation

Consider restricting unauthenticated access to this endpoint.

References

Control anonymous user access

Related Vulnerabilities

Password found in server response

Symfony debug mode enabled

Magento Config File Disclosure

Joomla! Core 1.5.x Information Disclosure (1.5.0 - 1.5.12)

Stack Trace Disclosure (Grails)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure