Description

By accessing the endpoint /secure/popups/UserPickerBrowser.jspa?max=10, an unauthenticated attack can retrieve the Jira's users.

Remediation

Consider restricting unauthenticated access to this endpoint.

References

Control anonymous user access

Related Vulnerabilities

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3126)

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Information Disclosure (1.8.11)

WordPress Plugin WP Maintenance Mode Multiple Vulnerabilities (2.0.3)

WordPress readme.html file

WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10152)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure