Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-39118)

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP Symposium Open Redirect (13.12)

Claroline Other Vulnerability (CVE-2006-3257)

Oracle Database Server Other Vulnerability (CVE-2007-3853)

WordPress Plugin 10Web Social Post Feed Unspecified Vulnerability (1.1.26)

EspoCRM Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-46736)

Severity

Medium

Classification

CVE-2021-39118 CWE-200

Tags

Missing Update Known Vulnerabilities