CVE-2019-14997

Name of the Vulnerable Software and Affected Versions Jira versions prior to 8.4.0

Description The issue allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN.

Recommendations For versions prior to 8.4.0, update to version 8.4.0 or later to resolve the issue. As a temporary workaround, consider disabling caching in the reverse proxy, load balancer, or CDN configuration to minimize the risk of exploitation. Restrict access to sensitive user information until the update is applied.