Description

REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.

Remediation

References

CVE-2021-26081

Related Vulnerabilities

WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Unspecified Vulnerability (2.6.21)

WordPress Plugin WP Super Cache PHP Code Injection (1.2)

WordPress Plugin Elementor Pro Cross-Site Scripting (2.0.9)

PostgreSQL Cryptographic Issues Vulnerability (CVE-2011-2483)

Dolibarr Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-14240)

Severity

Medium

Classification

CVE-2021-26081

Tags

Missing Update Known Vulnerabilities