The host is installed with Atlassian Jira_Server before 7.13.3, 8.0.0 before 8.0.4 or 8.1.0 before 8.1.1 and is prone to an information disclosure vulnerability. A flaw is present in the application which fails to properly handle issues in /rest/api/2/user/picker rest resource. Successful exploitation could allow remote attackers to enumerate usernames via an incorrect authorisation check.