Description

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN.

Remediation

References

CVE-2019-14997

Related Vulnerabilities

WordPress Plugin Users Ultra Membership Arbitrary File Upload (1.5.58)

WordPress Plugin Media Library Assistant SQL Injection (3.05)

phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-13376)

WordPress Plugin Dynamic Widgets Multiple Cross-Site Scripting Vulnerabilities (1.5.10)

WordPress Plugin MainWP Child-Securely connects sites to the MainWP WordPress Manager Dashboard Security Bypass (3.4.4)

Severity

Medium

Classification

CVE-2019-14997 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities