The host is installed with Atlassian Jira Server before 8.5.18, 8.6.0 before 8.13.10, or 8.14.0 before 8.18.2 and is prone to an information disclosure vulnerability. A flaw is present in the application which fails to properly handle the /rest/api/latest/projectvalidate/key endpoint. Successful exploitation could allow remote attackers to enumerate the keys of private jira projects.