Description

By accessing the endpoint /secure/popups/UserPickerBrowser.jspa?max=10, an unauthenticated attack can retrieve the Jira's users.

Remediation

Consider restricting unauthenticated access to this endpoint.

References

Control anonymous user access

Related Vulnerabilities

WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.6)

KeyCloak Information Disclosure (CVE-2020-27838)

WordPress Plugin Contact Form Email Information Disclosure (1.2.66)

Javascript Source map detected

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.14)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure