Description
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoint. The affected versions are before version 8.19.0.
Remediation
References
Related Vulnerabilities
WordPress Plugin SEO Friendly Images Cross-Site Scripting (3.0.4)
WordPress Plugin Calendar Multiple Cross-Site Scripting Vulnerabilities (1.2.1)
WordPress Plugin Fancy Product Designer-WooCommerce Cross-Site Scripting (4.5.0)
WordPress Plugin Widgets for SiteOrigin Unspecified Vulnerability (1.4.4)
Collabtive Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-5285)