Description
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.
Remediation
References
Related Vulnerabilities
Apache HTTP Server CVE-2005-2700 Vulnerability (CVE-2005-2700)
Ruby Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31810)
IBM RTC CVE-2015-1971 Vulnerability (CVE-2015-1971)
WordPress Plugin Fancy Slideshows Security Bypass (2.4)
WordPress Plugin WordPress Calls to Action Unspecified Vulnerability (2.3.5)