Description:
The endpoint at
https://████████/rest/api/2/user/picker?query=
Suffers from
CVE-2019-3403
Due to old version of jira.
{F125281}
https://nvd.nist.gov/vuln/detail/CVE-2019-3403
~@naglinagli
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
███
Navigate to https://██████/rest/api/2/user/picker?query=admin
Update the jira version