Unrated severityNVD Advisory· Published Jun 30, 2022· Updated Oct 29, 2024

CVE-2022-26135

Description

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.

Affected products

Atlassian/Jira Servercpe-rescue2 versions
8.0.0+ 1 more
- (no CPE)range: 8.0.0
- (no CPE)range: 8.0.0
Atlassian/Jira Service Management Data Center and Servercpe-rescue2 versions
4.0.0+ 1 more
- (no CPE)range: 4.0.0
- (no CPE)range: 4.0.0
Atlassian/Jira Core Data Centercpe-rescue
Range: 8.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022mitrex_refsource_MISC
jira.atlassian.com/browse/JRASERVER-73863mitrex_refsource_MISC
jira.atlassian.com/browse/JSDSERVER-11840mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.067
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000