Description
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.
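A triage sketch for the description above, added here as an example and not taken from Atlassian or from this advisory: it checks a Jira version string against the three affected ranges and counts requests per client to the named endpoint in an access log. The log line format, the threshold of 3 and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Affected ranges as stated in the description, as [first affected, first fixed).
AFFECTED = [((0, 0, 0), (8, 5, 14)),
            ((8, 6, 0), (8, 13, 6)),
            ((8, 14, 0), (8, 16, 1))]
ENDPOINT = "/rest/api/latest/user/avatar/temporary"

def parse_version(text):
    """'8.13.5' -> (8, 13, 5); missing components count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True if the version falls in any affected range (fixed releases excluded)."""
    v = parse_version(version)
    return any(low <= v < fixed for low, fixed in AFFECTED)

# Assumed log layout: client address first, request line in double quotes.
LINE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

def endpoint_hits(lines, threshold=3):
    """Return {client: count} for clients with at least `threshold` requests to ENDPOINT."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        path = m.group(2).split("?", 1)[0].rstrip("/")
        # endswith() also matches deployments served under a context path.
        if path.endswith(ENDPOINT):
            hits[m.group(1)] += 1
    return {client: n for client, n in hits.items() if n >= threshold}

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2021:10:00:01 +0000] "POST /rest/api/latest/user/avatar/temporary HTTP/1.1" 200 120',
    '198.51.100.7 - - [01/Jan/2021:10:00:02 +0000] "POST /rest/api/latest/user/avatar/temporary HTTP/1.1" 200 118',
    '198.51.100.7 - - [01/Jan/2021:10:00:02 +0000] "POST /jira/rest/api/latest/user/avatar/temporary HTTP/1.1" 200 119',
    '198.51.100.7 - - [01/Jan/2021:10:00:03 +0000] "POST /rest/api/latest/user/avatar/temporary HTTP/1.1" 200 121',
    '192.0.2.10 - - [01/Jan/2021:10:05:00 +0000] "POST /rest/api/latest/user/avatar/temporary HTTP/1.1" 200 950',
    '192.0.2.10 - - [01/Jan/2021:10:05:04 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for v in ("8.5.13", "8.5.14", "8.13.5", "8.13.6", "8.16.0", "8.16.1"):
        print(v, "affected" if is_affected(v) else "not affected")
    print(endpoint_hits(SAMPLE_LOG))
```

Releases at or above a branch's fix (for example 8.5.14 or later within 8.5.x) fall outside every range, so a single "older than 8.16.1" comparison would misreport them.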
Remediation
References
Related Vulnerabilities
Drupal Core 5.x Multiple Cross-Site Request Forgery Vulnerabilities (5.0 - 5.1)
WordPress Plugin Acunetix WP Security Cross-Site Request Forgery (4.0.4)
WordPress 5.3.x Multiple Vulnerabilities (5.3 - 5.3.4)
WordPress Plugin Smash Balloon Social Post Feed Cross-Site Scripting (4.1)
WordPress Plugin Appointments Cross-Site Scripting (2.2.2.2)