Sensitive Data Exposure in Jira Server and Jira Data Center REST API

Sensitive Data Exposure in Jira Server and Jira Data Center REST API

CVE-2021-26081 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.

Learn more about our Cis Benchmark Audit For Server Software.