The host is installed with Atlassian Jira Server before 8.5.15, 8.6.0 before 8.13.7 and 8.14.0 before 8.17.0 and is prone to an information disclosure vulnerability. A flaw is present in the application which fails to properly handle the QueryComponentRendererValue!Default.jspa endpoint. Successful exploitation allows an unauthenticated user to enumerate users.