ghsa-v3g7-jggh-wjhg
Vulnerability from github
Published
2022-05-24 19:08
Modified
2022-05-24 19:08
Severity
Details
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the /rest/api/latest/user/avatar/temporary
endpoint.
{ "affected": [], "aliases": [ "CVE-2021-26081" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2021-07-20T04:15:00Z", "severity": "MODERATE" }, "details": "REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.", "id": "GHSA-v3g7-jggh-wjhg", "modified": "2022-05-24T19:08:31Z", "published": "2022-05-24T19:08:31Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26081" }, { "type": "WEB", "url": "https://jira.atlassian.com/browse/JRASERVER-72499" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "type": "CVSS_V3" } ] }
Loading...