All the vulnerabilites related to Atlassian - Jira Software Data Center
cve-2022-26137
Vulnerability from cvelistv5
Published
2022-07-20 17:25
Modified
2024-10-03 17:10
Summary
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BAM-21795"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-13370"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CWD-5815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/FE-7410"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CRUC-8541"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bamboo",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.2.10",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0.9",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.1.8",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.4",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.6.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.8",
                "status": "affected",
                "version": "7.7.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.19.5",
                "status": "affected",
                "version": "7.18.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.20.2",
                "status": "affected",
                "version": "7.20.1",
                "versionType": "custom"
              },
              {
                "lessThan": "7.21.2",
                "status": "affected",
                "version": "7.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.4.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.13.7",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.14.3",
                "status": "affected",
                "version": "7.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.15.2",
                "status": "affected",
                "version": "7.15.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.16.4",
                "status": "affected",
                "version": "7.16.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.4",
                "status": "affected",
                "version": "7.17.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "7.18.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.4.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.13.7",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.14.3",
                "status": "affected",
                "version": "7.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.15.2",
                "status": "affected",
                "version": "7.15.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.16.4",
                "status": "affected",
                "version": "7.16.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.4",
                "status": "affected",
                "version": "7.17.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "7.18.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crowd",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.3.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.4.2",
                "status": "affected",
                "version": "4.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crowd",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crucible",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.8.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fisheye",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.8.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.13.22",
                "status": "affected",
                "version": "8.13.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.20.10",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.22.4",
                "status": "affected",
                "version": "8.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.13.22",
                "status": "affected",
                "version": "8.13.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.20.10",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.22.4",
                "status": "affected",
                "version": "8.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_desk",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.13.22",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_desk",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.13.22",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.20.10",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.22.4",
                "status": "affected",
                "version": "4.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.20.10",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.22.4",
                "status": "affected",
                "version": "4.21.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-26137",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T16:48:52.174175Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T17:10:16.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bamboo Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.0.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bamboo Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.0.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.6.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.19.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.20.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            }
          ]
        },
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.6.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.19.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.20.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "7.18.0"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "7.18.0"
            }
          ]
        },
        {
          "product": "Crowd Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.3.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        },
        {
          "product": "Crowd Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.3.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        },
        {
          "product": "Crucible",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.8.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Fisheye",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.8.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Core Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-180",
              "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-20T17:25:23",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BAM-21795"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BSERV-13370"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CWD-5815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/FE-7410"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CRUC-8541"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2022-07-20T00:00:00",
          "ID": "CVE-2022-26137",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bamboo Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bamboo Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.19.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.20.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.20.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.21.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.19.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.20.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.20.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.21.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.17"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.14.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.15.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.16.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.18.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.17"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.14.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.15.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.16.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.18.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crowd Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.4.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crowd Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.4.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crucible",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.8.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Fisheye",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.8.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Core Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/BAM-21795",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "name": "https://jira.atlassian.com/browse/BSERV-13370",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "name": "https://jira.atlassian.com/browse/CWD-5815",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "name": "https://jira.atlassian.com/browse/FE-7410",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "name": "https://jira.atlassian.com/browse/CRUC-8541",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2022-26137",
    "datePublished": "2022-07-20T17:25:23.603830Z",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-10-03T17:10:16.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26135
Vulnerability from cvelistv5
Published
2022-06-30 05:20
Modified
2024-10-29 15:20
Summary
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JRASERVER-73863"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JSDSERVER-11840"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-26135",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T15:05:50.366047Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-918",
                "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T15:20:52.789Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jira Core Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-06-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Server-side Request Forgery",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-30T05:20:15",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JRASERVER-73863"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JSDSERVER-11840"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2022-06-29T00:00:00",
          "ID": "CVE-2022-26135",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jira Core Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Server-side Request Forgery"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/JRASERVER-73863",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JRASERVER-73863"
            },
            {
              "name": "https://jira.atlassian.com/browse/JSDSERVER-11840",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11840"
            },
            {
              "name": "https://confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022",
              "refsource": "MISC",
              "url": "https://confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2022-26135",
    "datePublished": "2022-06-30T05:20:15.269358Z",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-10-29T15:20:52.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0540
Vulnerability from cvelistv5
Published
2022-04-20 18:30
Modified
2024-10-24 16:54
Severity ?
Summary
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.238Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JRASERVER-73650"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JSDSERVER-11224"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.13.18",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.20.6",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.22.0",
                "status": "affected",
                "version": "8.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.13.18",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.20.6",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.22.0",
                "status": "affected",
                "version": "8.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.13.18",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.20.6",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.22.0",
                "status": "affected",
                "version": "4.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.13.18",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.20.6",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.22.0",
                "status": "affected",
                "version": "4.21.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-0540",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T19:06:38.021795Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-24T16:54:19.795Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jira Core Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.18",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.18",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.18",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.13.18",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.13.18",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-04-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Authentication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-20T18:30:17",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JRASERVER-73650"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JSDSERVER-11224"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2022-04-20T00:00:00",
          "ID": "CVE-2022-0540",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jira Core Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.18"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.18"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.18"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.18"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.18"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20",
              "refsource": "MISC",
              "url": "https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20"
            },
            {
              "name": "https://jira.atlassian.com/browse/JRASERVER-73650",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JRASERVER-73650"
            },
            {
              "name": "https://jira.atlassian.com/browse/JSDSERVER-11224",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11224"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2022-0540",
    "datePublished": "2022-04-20T18:30:17.641544Z",
    "dateReserved": "2022-02-08T00:00:00",
    "dateUpdated": "2024-10-24T16:54:19.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26136
Vulnerability from cvelistv5
Published
2022-07-20 17:25
Modified
2024-10-03 16:43
Severity ?
Summary
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BAM-21795"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-13370"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CWD-5815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/FE-7410"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CRUC-8541"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bamboo",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.2.10",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0.9",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.1.8",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.4",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.6.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.8",
                "status": "affected",
                "version": "7.7.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.19.5",
                "status": "affected",
                "version": "7.18.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.20.2",
                "status": "affected",
                "version": "7.20.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.21.2",
                "status": "affected",
                "version": "7.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.0"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.4.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.13.7",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.14.3",
                "status": "affected",
                "version": "7.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.15.2",
                "status": "affected",
                "version": "7.15.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.16.4",
                "status": "affected",
                "version": "7.16.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.4",
                "status": "affected",
                "version": "7.17.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "7.18.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.4.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.13.7",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.14.3",
                "status": "affected",
                "version": "7.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.15.2",
                "status": "affected",
                "version": "7.15.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.16.4",
                "status": "affected",
                "version": "7.16.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.4",
                "status": "affected",
                "version": "7.17.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "7.18.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crowd",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.3.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.4.2",
                "status": "affected",
                "version": "4.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crowd",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crucible",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.8.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fisheye",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.8.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.13.22",
                "status": "affected",
                "version": "8.13.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.20.10",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.22.4",
                "status": "affected",
                "version": "8.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.13.22",
                "status": "affected",
                "version": "8.13.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.20.10",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.22.4",
                "status": "affected",
                "version": "8.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_desk",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.13.22",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_desk",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.13.22",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.20.10",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.22.4",
                "status": "affected",
                "version": "4.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.20.10",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.22.4",
                "status": "affected",
                "version": "4.21.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-26136",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T15:26:49.090400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T16:43:16.268Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bamboo Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.0.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bamboo Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.0.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.6.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.19.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.20.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            }
          ]
        },
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.6.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.19.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.20.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "7.18.0"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "7.18.0"
            }
          ]
        },
        {
          "product": "Crowd Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.3.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        },
        {
          "product": "Crowd Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.3.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        },
        {
          "product": "Crucible",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.8.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Fisheye",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.8.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Core Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-180",
              "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-20T17:25:18",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BAM-21795"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BSERV-13370"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CWD-5815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/FE-7410"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CRUC-8541"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2022-07-20T00:00:00",
          "ID": "CVE-2022-26136",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bamboo Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bamboo Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.19.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.20.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.20.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.21.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.19.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.20.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.20.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.21.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.17"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.14.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.15.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.16.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.18.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.17"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.14.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.15.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.16.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.18.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crowd Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.4.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crowd Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.4.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crucible",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.8.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Fisheye",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.8.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Core Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/BAM-21795",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "name": "https://jira.atlassian.com/browse/BSERV-13370",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "name": "https://jira.atlassian.com/browse/CWD-5815",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "name": "https://jira.atlassian.com/browse/FE-7410",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "name": "https://jira.atlassian.com/browse/CRUC-8541",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2022-26136",
    "datePublished": "2022-07-20T17:25:18.803466Z",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-10-03T16:43:16.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36239
Vulnerability from cvelistv5
Published
2021-07-29 10:12
Modified
2024-10-17 15:25
Severity ?
Summary
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.858Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.5.16",
                "status": "affected",
                "version": "6.3.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.13.8",
                "status": "affected",
                "version": "8.6.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.17.0",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_desk",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.5.16",
                "status": "affected",
                "version": "2.0.2",
                "versionType": "custom"
              },
              {
                "lessThan": "4.13.8",
                "status": "affected",
                "version": "4.6.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.17.0",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-36239",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T15:18:39.926455Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-862",
                "description": "CWE-862 Missing Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T15:25:47.384Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jira Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.5.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.13.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.17.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Core Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.5.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.13.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.17.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.5.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.13.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.17.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "2.0.2",
              "versionType": "custom"
            },
            {
              "lessThan": "4.5.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.13.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.17.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-07-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-29T10:12:42",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2021-07-21T17:00:00",
          "ID": "CVE-2020-36239",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jira Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.5.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.17.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Core Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.5.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.17.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.5.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.17.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "2.0.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.5.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.17.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/JSDSERVER-8454",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
            },
            {
              "name": "https://jira.atlassian.com/browse/JRASERVER-72566",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
            },
            {
              "name": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html",
              "refsource": "MISC",
              "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2020-36239",
    "datePublished": "2021-07-29T10:12:42.879604Z",
    "dateReserved": "2021-01-27T00:00:00",
    "dateUpdated": "2024-10-17T15:25:47.384Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}