Description
The /rest/api/2/user/picker REST resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
Remediation
References
Related Vulnerabilities
Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-18679)
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-13401)
WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.17)
WordPress Plugin Simple Custom CSS and JS Cross-Site Scripting (3.3)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-39200)