REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.
History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2021-07-20T03:25:12.678817Z

Updated: 2024-10-11T17:18:17.200Z

Reserved: 2021-01-25T00:00:00

Link: CVE-2021-26081

cve-icon Vulnrichment

Updated: 2024-08-03T20:19:19.588Z

cve-icon NVD

Status : Modified

Published: 2021-07-20T04:15:09.683

Modified: 2024-11-21T05:55:50.027

Link: CVE-2021-26081

cve-icon Redhat

No data.