Description

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN.

Remediation

References

CVE-2019-14997

Related Vulnerabilities

WordPress Plugin Asset CleanUp:Page Speed Booster Cross-Site Scripting (1.3.6.7)

WordPress Plugin Thrive Headline Optimizer Security Bypass (1.3.7.2)

RubyGems Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2019-8321)

Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-16619)

WordPress Plugin YT-Audio:Audio Hosting From YouTube in WordPress 'v' Parameter Cross-Site Scripting (1.7)

Severity

Medium

Classification

CVE-2019-14997 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities