Description

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN.

Remediation

References

CVE-2019-14997

Related Vulnerabilities

MySQL CVE-2019-2808 Vulnerability (CVE-2019-2808)

Oracle Application Server CVE-2006-0274 Vulnerability (CVE-2006-0274)

WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Open Redirect (4.0)

WordPress Plugin No Follow All External Links Spam Injection (2.3.0)

Apache Tomcat Other Vulnerability (CVE-2001-0590)

Severity

Medium

Classification

CVE-2019-14997 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities