The host is installed with Atlassian Jira Server before 8.5.14, 8.6.0 before 8.13.6, or 8.14.0 before 8.16.1 and is prone to a username enumeration vulnerability. A flaw is present in the application which fails to properly handle a sensitive data exposure vulnerability in the '/rest/api/latest/user/avatar/temporary' endpoint. Successful exploitation could allow remote attackers to discover the username of users.