CVE-2022-26135

Published Jun 30, 2022

Last updated 17 days ago

CVSS medium 6.5

Overview

Description: A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.
Source: security@atlassian.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-918
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-918

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC60A960-8E6A-4046-8ED4-BA292E0BDB57",
            "versionEndExcluding": "8.13.22",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "963AE427-2897-42CB-AE11-654D700E690B",
            "versionEndExcluding": "8.20.10",
            "versionStartIncluding": "8.14.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7CD8891-BB97-4AD3-BEE4-6CCA0D8A2D85",
            "versionEndExcluding": "8.22.4",
            "versionStartIncluding": "8.21.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "600A3083-753A-4F1C-8063-A9D8D3320110",
            "versionEndExcluding": "8.13.22",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D22AB11D-1D73-45DC-803C-146EFED18CDA",
            "versionEndExcluding": "8.20.10",
            "versionStartIncluding": "8.14.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB2091E9-0B14-4786-852F-454C56D20839",
            "versionEndExcluding": "8.22.4",
            "versionStartIncluding": "8.21.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:data_center:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89DEC57D-1BBC-47EB-B2BA-1AB6A4D83C74",
            "versionEndExcluding": "4.13.22",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:server:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3D632A1-4402-4B07-B361-DC6EB49F1DF5",
            "versionEndExcluding": "4.13.22",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39F77953-41D7-4398-9F07-2A057A993762",
            "versionEndExcluding": "4.20.10",
            "versionStartIncluding": "4.14.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CADBE0E7-36D9-4F6F-BEE6-A1E0B9428C2A",
            "versionEndExcluding": "4.20.10",
            "versionStartIncluding": "4.14.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC0DB08B-2034-4691-A7B2-3E5F8B6318B1",
            "versionEndExcluding": "4.22.4",
            "versionStartIncluding": "4.21.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97A17BE7-7CCC-46D8-A317-53E2B026DF6E",
            "versionEndExcluding": "4.22.4",
            "versionStartIncluding": "4.21.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References