Description
By accessing the endpoint /secure/popups/UserPickerBrowser.jspa?max=10, an unauthenticated attack can retrieve the Jira's users.
Remediation
Consider restricting unauthenticated access to this endpoint.
References
Related Vulnerabilities
WordPress Plugin WordPress Backup to Dropbox Information Disclosure (4.7.1)
Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12528)
WordPress Plugin GiveWP-Donation and Fundraising Platform Information Disclosure (2.20.2)
SugarCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3803)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-0191)