Description
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Jobs Cross-Site Scripting (1.6)
WordPress Plugin Google XML Sitemap for Images Cross-Site Request Forgery (2.1.3)
WordPress Plugin Slickr Flickr Cross-Site Scripting (2.8.1)
WordPress Plugin Simple Flash Video Cross-Site Scripting (1.7)
Werkzeug WSGI Improper Handling of Windows Device Names Vulnerability (CVE-2025-66221)