Atlassian Jira 7.13.x < 7.13.3 / 8.0.x < 8.0.4 / 8.1.x < 8.1.1 Information Disclosure Vulnerability
Medium Nessus Plugin ID 130267
Synopsis
The remote web server hosts a web application that is potentially affected by an information disclosure vulnerability.

Description
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is potentially affected by an information disclosure vulnerability in the /rest/api/2/user/picker REST resource due to incorrect authorization checks. An unauthenticated, remote attacker can exploit this to enumerate usernames.

Solution
Upgrade to Atlassian Jira version 7.13.3 / 8.1.1 / 8.2.0 or later.
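
Because the plugin only infers exposure from the version number, a log review helps confirm whether the resource was actually reached without a login. The following is an added example, not part of the Nessus plugin or Atlassian's code: it flags clients with repeated anonymous, successful requests to the user picker resource. The log layout, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

PICKER_PATH = "/rest/api/2/user/picker"  # resource named in the advisory

# Assumed log layout (not from the advisory): client IP, request id,
# username ("-" for anonymous), [timestamp], "request line", status, bytes.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3})\b'
)

# Constructed sample lines (documentation IP ranges, made-up user "alice").
SAMPLE_LOG = """\
203.0.113.7 601x1x1 - [22/Oct/2019:10:01:01 +0000] "GET /rest/api/2/user/picker?k=v HTTP/1.1" 200 512
203.0.113.7 601x2x1 - [22/Oct/2019:10:01:02 +0000] "GET /rest/api/2/user/picker?k=v HTTP/1.1" 200 498
203.0.113.7 601x3x1 - [22/Oct/2019:10:01:03 +0000] "GET /rest/api/2/user/picker?k=v HTTP/1.1" 200 530
198.51.100.4 601x4x1 alice [22/Oct/2019:10:02:00 +0000] "GET /rest/api/2/user/picker?k=v HTTP/1.1" 200 640
192.0.2.9 601x5x1 - [22/Oct/2019:10:03:00 +0000] "GET /rest/api/2/user/picker?k=v HTTP/1.1" 401 88
192.0.2.9 601x6x1 - [22/Oct/2019:10:03:05 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 9001
this line is malformed and must be skipped
"""


def anonymous_picker_hits(lines, threshold=3):
    """Return {client_ip: count} for clients with at least `threshold`
    anonymous requests to the picker resource that were answered with 200."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: ignore rather than guess
        # Drop the query string; endswith() tolerates a context path prefix.
        path = m.group("path").split("?", 1)[0].rstrip("/")
        if not path.endswith(PICKER_PATH):
            continue
        # Logged-in users and rejected requests are not the exposure.
        if m.group("user") != "-" or m.group("status") != "200":
            continue
        hits[m.group("ip")] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    print(anonymous_picker_hits(SAMPLE_LOG.splitlines()))
```

Adjust the regular expression to the access log format of the deployment before relying on the counts.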