CVE-2022-26135

CWE-918Server-Side Request Forgery (SSRF)3 documents3 sources
Severity
6.5MEDIUM
EPSS
89.3%
top 0.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Atlassian Jira Core ServerAtlassian Jira Service Management Data CenterAtlassian Jira Service Management Server+6 more
Timeline
PublishedJun 30
Latest updateJul 1

Description

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from v

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages9 packages

CVEListV5atlassian/jira_service_management_data_center4.0.0unspecified+5
NVDatlassian/jira_data_center8.0.08.13.22+2
CVEListV5atlassian/jira_software_data_center8.0.0unspecified+5
CVEListV5atlassian/jira_service_management_server4.0.0unspecified+5
NVDatlassian/jira_server8.0.08.13.22+2

🔴Vulnerability Details

2
GHSA
GHSA-wfhv-4qh5-c632: A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feat2022-07-01
CVEList
CVE-2022-26135: A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feat2022-06-30
CVE-2022-26135 (MEDIUM CVSS 6.5) | A vulnerability in Mobile Plugin fo | cvebase.io