Description

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

Remediation

References

CVE-2019-8449

Related Vulnerabilities

Drupal Improper Input Validation Vulnerability (CVE-2019-6342)

Oracle HTTP Server Other Vulnerability (CVE-2007-0282)

WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10673)

WordPress Plugin JM Twitter Cards Information Disclosure (6.1)

Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2013-4221)

Severity

Medium

Classification

CVE-2019-8449 CWE-306

Tags

Missing Update Known Vulnerabilities