CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2022-0540

CVSS 9.8v3.1pub. 2022-04-20upd. 2024-11-21

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Atlassian Jira Data Center

    APP
    Atlassian
    < 8.13.88.14.0 – 8.20.6 (bez)8.21.0 – 8.22.0 (bez)
  • Atlassian Jira Server

    APP
    Atlassian
    < 8.13.88.14.0 – 8.20.6 (bez)8.21.0 – 8.22.0 (bez)
  • Atlassian Jira Service Management

    APP
    Atlassian
    < 4.13.8< 4.13.184.14.0 – 4.20.6 (bez)4.21.0 – 4.22.0 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2019-11581CRITICAL9.8⚠ KEVten sam produkt

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdminis...

CVE-2023-22501CRITICAL9.1ten sam produkt

An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows ...

CVE-2022-26136CRITICAL9.8ten sam produkt

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Fil...

CVE-2020-36239CRITICAL9.8ten sam produkt

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6....

CVE-2019-13990CRITICAL9.8ten sam produkt

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows ...