Medium severity6.5NVD Advisory· Published Jun 30, 2022· Updated Jun 17, 2026
CVE-2022-26135
CVE-2022-26135
Description
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- Range: from 8.0.0 before 8.13.22, from 8.14.0 before 8.20.10, from 8.21.0 before 8.22.4
- Range: from 8.0.0 before 8.13.22, from 8.14.0 before 8.20.10, from 8.21.0 before 8.22.4
from 4.0.0 before 4.13.22, from 4.14.0 before 4.20.10, from 4.21.0 before 4.22.4+ 2 more
- (no CPE)range: from 4.0.0 before 4.13.22, from 4.14.0 before 4.20.10, from 4.21.0 before 4.22.4
- (no CPE)range: 4.0.0
- (no CPE)range: 4.0.0
8.0.0+ 1 more
- (no CPE)range: 8.0.0
- (no CPE)range: 8.0.0
- Range: 8.0.0
Patches
Vulnerability mechanics
References
3- confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022nvdMitigationVendor Advisory
- jira.atlassian.com/browse/JRASERVER-73863nvdVendor Advisory
- jira.atlassian.com/browse/JSDSERVER-11840nvdVendor Advisory
News mentions
0No linked articles in our index yet.