Description

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN.

Remediation

References

CVE-2019-14997

Related Vulnerabilities

phpBB CVE-2010-1630 Vulnerability (CVE-2010-1630)

WordPress Plugin Calculated Fields Form Cross-Site Scripting (1.0.81)

WordPress Plugin FireStats Multiple Cross-Site Scripting and Authentication Bypass Vulnerabilities (1.0.2)

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16850)

WordPress Plugin Cleeng-Sell your videos Cross-Site Scripting (2.3.2)

Severity

Medium

Classification

CVE-2019-14997 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities