CRITICAL✓ PATCH🇬🇧 English

CVE-2022-0540

CVSS 9.8v3.1pub. 2022-04-20upd. 2024-11-21

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Atlassian Jira Data Center

    APP
    Atlassian
    < 8.13.88.14.0 – 8.20.6 (bez)8.21.0 – 8.22.0 (bez)
  • Atlassian Jira Server

    APP
    Atlassian
    < 8.13.88.14.0 – 8.20.6 (bez)8.21.0 – 8.22.0 (bez)
  • Atlassian Jira Service Management

    APP
    Atlassian
    < 4.13.8< 4.13.184.14.0 – 4.20.6 (bez)4.21.0 – 4.22.0 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2019-11581CRITICAL9.8⚠ KEVten sam produkt

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdminis...

CVE-2023-22501CRITICAL9.1ten sam produkt

An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows ...

CVE-2022-26136CRITICAL9.8ten sam produkt

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Fil...

CVE-2020-36239CRITICAL9.8ten sam produkt

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6....

CVE-2019-13990CRITICAL9.8ten sam produkt

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows ...