Critical severity9.8NVD Advisory· Published Apr 20, 2022· Updated Jun 17, 2026
CVE-2022-0540
CVE-2022-0540
Description
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- Range: <8.13.18, 8.14.0 to <8.20.6, 8.21.0 to <8.22.0
<4.13.18, 4.14.0 to <4.20.6, 4.21.0 to <4.22.0+ 2 more
- (no CPE)range: <4.13.18, 4.14.0 to <4.20.6, 4.21.0 to <4.22.0
- (no CPE)range: unspecified
- (no CPE)range: unspecified
unspecified+ 1 more
- (no CPE)range: unspecified
- (no CPE)range: unspecified
- Range: unspecified
Patches
Vulnerability mechanics
References
3- confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20nvdIssue TrackingPatchVendor Advisory
- jira.atlassian.com/browse/JRASERVER-73650nvdIssue TrackingPatchVendor Advisory
- jira.atlassian.com/browse/JSDSERVER-11224nvdIssue TrackingPatchVendor Advisory
News mentions
0No linked articles in our index yet.