REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 prior to 8.13.6, and from version 8.14.0 prior to 8.16.1 allows remote malicious users to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian data center |
||
atlassian jira data center |
||
atlassian jira |
||
atlassian jira server |