Description
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.
Remediation
References
Related Vulnerabilities
WordPress Plugin Premium Blocks for Gutenberg Unspecified Vulnerability (1.7.4)
WordPress Plugin WP-Polls Cross-Site Scripting (2.69)
WordPress Plugin WordPress-Amazon-Associate (WPAA) Cross-Site Scripting (2.0)
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.34)
WordPress Plugin WP eCommerce 'cart_messages[]' Parameter Cross-Site Scripting (3.8.6)