CVE-2021-26081

Published: 2021-07-20T04:15Z

Last Modified: 2024-11-21T05:55Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt