The /rest/api/latest/groupuserpicker resource in Jira...
Moderate severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Sep 11, 2019
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Jan 30, 2023
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
References