Description

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

Remediation

References

CVE-2019-8449

Related Vulnerabilities

EspoCRM Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-38846)

PHP Other Vulnerability (CVE-2015-8866)

WordPress Plugin bbPress Members Only Cross-Site Request Forgery (1.2.1)

Drupal CVE-2018-14773 Vulnerability (CVE-2018-14773)

WordPress Plugin WP SimpleMail Multiple Cross-Site Scripting Vulnerabilities (1.0.6)

Severity

Medium

Classification

CVE-2019-8449 CWE-306

Tags

Missing Update Known Vulnerabilities