Description

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN.

Remediation

References

CVE-2019-14997

Related Vulnerabilities

MySQL CVE-2017-10286 Vulnerability (CVE-2017-10286)

Oracle Database Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)

Oracle JRE CVE-2012-5075 Vulnerability (CVE-2012-5075)

WordPress Plugin GeoDirectory Location Manager Multiple SQL Injection Vulnerabilities (2.1.0.9)

WordPress Plugin WP Content Copy Protection & No Right Click Security Bypass (3.1.4)

Severity

Medium

Classification

CVE-2019-14997 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities