Description
By accessing the endpoint /secure/popups/UserPickerBrowser.jspa?max=10, an unauthenticated attacker can retrieve the list of Jira users.
Remediation
Consider restricting unauthenticated access to this endpoint.
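To see whether the endpoint is being answered without authentication, the access log can be searched for anonymous requests to it that returned 200. The following is an added example, not part of the original entry or of Jira itself; the combined-log-style layout (third field is the authenticated user, or "-" for none) and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed layout: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
ENDPOINT = "/secure/popups/UserPickerBrowser.jspa"  # path named in the description


def anonymous_user_picker_hits(lines):
    """Return {client_ip: count} of anonymous requests to the endpoint answered with 200."""
    hits = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line does not fit the assumed layout
        path = urlsplit(m["target"]).path  # drop the query string (?max=10)
        # endswith() also covers deployments under a context path such as /jira
        if not path.endswith(ENDPOINT):
            continue
        # "-" in the user field means no authenticated user; 200 means content was served
        if m["user"] == "-" and m["status"] == "200":
            hits[m["ip"]] += 1
    return dict(hits)


# Constructed sample lines (documentation IP ranges, not real traffic)
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /secure/popups/UserPickerBrowser.jspa?max=10 HTTP/1.1" 200 18234',
    '203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "GET /jira/secure/popups/UserPickerBrowser.jspa?max=10 HTTP/1.1" 200 18234',
    '198.51.100.4 - alice [12/Mar/2024:10:02:11 +0000] "GET /secure/popups/UserPickerBrowser.jspa?max=10 HTTP/1.1" 200 18234',
    '192.0.2.9 - - [12/Mar/2024:10:03:40 +0000] "GET /secure/popups/UserPickerBrowser.jspa?max=10 HTTP/1.1" 302 0',
    '192.0.2.9 - - [12/Mar/2024:10:03:41 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, count in anonymous_user_picker_hits(SAMPLE_LOG).items():
        print(f"{ip}: {count} anonymous 200 response(s) from {ENDPOINT}")
```

After access has been restricted, the same search should return no anonymous 200 responses for this path.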
Related Vulnerabilities
Joomla! Core 3.x.x Information Disclosure (3.0.0 - 3.9.19)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-0191)
WordPress Plugin WP-Live Chat by 3CX Information Disclosure (8.0.28)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5487)