Description
By accessing the endpoint /secure/popups/UserPickerBrowser.jspa?max=10, an unauthenticated attacker can retrieve the list of Jira users.
Remediation
Consider restricting unauthenticated access to this endpoint.
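To check whether the endpoint has already been served to anonymous clients, access logs can be reviewed for it. The following is an added example, not part of the original advisory or of Jira itself. It assumes a combined-format access log whose third field holds the authenticated user name ("-" when anonymous), and it assumes that a 200 status means the listing was served; the log lines are constructed samples.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote, parse_qs

# The endpoint named in the description above, lowercased for matching.
ENDPOINT = "/secure/popups/userpickerbrowser.jspa"

# Assumed layout: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def anonymous_hits(lines):
    """Return anonymous requests to the user picker that were answered with 200."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not follow the assumed layout
        url = urlsplit(m["target"])
        # Decode and lowercase so encoded or mixed-case paths still match;
        # endswith() tolerates a context path such as /jira.
        path = unquote(url.path).lower()
        if not path.endswith(ENDPOINT):
            continue
        if m["user"] != "-" or m["status"] != "200":
            continue  # authenticated, or not served (redirect, 403, ...)
        hits.append({"ip": m["ip"],
                     "max": parse_qs(url.query).get("max", [None])[0]})
    return hits

def hits_per_client(lines):
    """Count served anonymous requests per client address."""
    return Counter(h["ip"] for h in anonymous_hits(lines))

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /secure/popups/UserPickerBrowser.jspa?max=10 HTTP/1.1" 200 8412 "-" "curl/8.0"',
    '198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "GET /jira/secure/popups/UserPickerBrowser.jspa?max=10 HTTP/1.1" 200 8412 "-" "curl/8.0"',
    '203.0.113.9 - alice [12/Mar/2024:10:02:00 +0000] "GET /secure/popups/UserPickerBrowser.jspa HTTP/1.1" 200 8400 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [12/Mar/2024:10:03:00 +0000] "GET /secure/popups/UserPickerBrowser.jspa?max=10 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.21 - - [12/Mar/2024:10:04:00 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, count in hits_per_client(SAMPLE).items():
        print(ip, count)
```

After access is restricted, the same script run over newer logs should report no hits; any remaining hit points to a path or proxy route that the restriction does not cover.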