    6 vulnerabilities found for Jira Core Data Center by Atlassian

    CVE-2025-22157 (GCVE-0-2025-22157)

    Vulnerability from nvd – Published: 2025-05-20 18:00 – Updated: 2026-02-26 18:28
    Summary
    This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions:

    • 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server
    • 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server

    This PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user.

    Atlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:

    • Jira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20
    • Jira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20
    • Jira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5
    • Jira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5
    • Jira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0
    • Jira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0
    • Jira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1
    • Jira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1

    See the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center.

    This vulnerability was reported via our Atlassian (Internal) program.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • PrivEsc (Privilege Escalation)
    • CWE-284 - Improper Access Control
    Impacted products
    Vendor Product Version
    Atlassian Jira Core Data Center Affected: 10.5.0
    Affected: 10.4.0 to 10.4.1
    Affected: 10.3.0 to 10.3.4
    Affected: 9.12.0 to 9.12.19
    Unaffected: 10.6.0
    Unaffected: 10.5.1
    Unaffected: 10.3.5 to 10.3.6
    Unaffected: 9.12.22 to 9.12.23
    Atlassian Jira Core Server Affected: 9.12.0 to 9.12.19
    Unaffected: 9.12.22 to 9.12.23
    Atlassian Jira Service Management Data Center Affected: 10.5.0
    Affected: 10.4.0 to 10.4.1
    Affected: 10.3.0 to 10.3.4
    Affected: 5.12.0 to 5.12.19
    Unaffected: 10.6.0
    Unaffected: 10.5.1
    Unaffected: 10.3.5 to 10.3.6
    Unaffected: 5.12.22 to 5.12.23
    Atlassian Jira Service Management Server Affected: 5.12.0 to 5.12.19
    Unaffected: 5.12.22 to 5.12.23
    Credits
    Internal (Atlassian)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-21T03:55:33.263670Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:05.031Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Core Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5.0"
                },
                {
                  "status": "affected",
                  "version": "10.4.0 to 10.4.1"
                },
                {
                  "status": "affected",
                  "version": "10.3.0 to 10.3.4"
                },
                {
                  "status": "affected",
                  "version": "9.12.0 to 9.12.19"
                },
                {
                  "status": "unaffected",
                  "version": "10.6.0"
                },
                {
                  "status": "unaffected",
                  "version": "10.5.1"
                },
                {
                  "status": "unaffected",
                  "version": "10.3.5 to 10.3.6"
                },
                {
                  "status": "unaffected",
                  "version": "9.12.22 to 9.12.23"
                }
              ]
            },
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.12.0 to 9.12.19"
                },
                {
                  "status": "unaffected",
                  "version": "9.12.22 to 9.12.23"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5.0"
                },
                {
                  "status": "affected",
                  "version": "10.4.0 to 10.4.1"
                },
                {
                  "status": "affected",
                  "version": "10.3.0 to 10.3.4"
                },
                {
                  "status": "affected",
                  "version": "5.12.0 to 5.12.19"
                },
                {
                  "status": "unaffected",
                  "version": "10.6.0"
                },
                {
                  "status": "unaffected",
                  "version": "10.5.1"
                },
                {
                  "status": "unaffected",
                  "version": "10.3.5 to 10.3.6"
                },
                {
                  "status": "unaffected",
                  "version": "5.12.22 to 5.12.23"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.12.0 to 5.12.19"
                },
                {
                  "status": "unaffected",
                  "version": "5.12.22 to 5.12.23"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:10.5.0:*:*:*:data_center:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "10.4.1",
                      "versionStartIncluding": "10.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "10.3.4",
                      "versionStartIncluding": "10.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "9.12.19",
                      "versionStartIncluding": "9.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:10.6.0:*:*:*:data_center:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:10.5.1:*:*:*:data_center:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "10.3.6",
                      "versionStartIncluding": "10.3.5",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "9.12.23",
                      "versionStartIncluding": "9.12.22",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:server:*:*:*",
                      "versionEndIncluding": "9.12.19",
                      "versionStartIncluding": "9.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:server:*:*:*",
                      "versionEndIncluding": "9.12.23",
                      "versionStartIncluding": "9.12.22",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:10.5.0:*:*:*:data_center:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "10.4.1",
                      "versionStartIncluding": "10.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "10.3.4",
                      "versionStartIncluding": "10.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "5.12.19",
                      "versionStartIncluding": "5.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:10.6.0:*:*:*:data_center:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:10.5.1:*:*:*:data_center:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "10.3.6",
                      "versionStartIncluding": "10.3.5",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "5.12.23",
                      "versionStartIncluding": "5.12.22",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
                      "versionEndIncluding": "5.12.19",
                      "versionStartIncluding": "5.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
                      "versionEndIncluding": "5.12.23",
                      "versionStartIncluding": "5.12.22",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Internal (Atlassian)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions:\n\n9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server\n\n5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server\n\nThis PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user. \n\nAtlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\nJira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20\n\nJira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20\n\nJira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5\n\nJira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5\n\nJira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0\n\nJira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0\n\nJira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1\n\nJira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1\n\nSee the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center. \n\nThis vulnerability was reported via our Atlassian (Internal) program."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "PrivEsc (Privilege Escalation)",
                  "lang": "en",
                  "type": "PrivEsc (Privilege Escalation)"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-20T18:00:01.328Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1561365992"
            },
            {
              "url": "https://jira.atlassian.com/browse/JRASERVER-78766"
            },
            {
              "url": "https://jira.atlassian.com/browse/JSDSERVER-16206"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2025-22157",
        "datePublished": "2025-05-20T18:00:01.328Z",
        "dateReserved": "2025-01-01T00:01:27.175Z",
        "dateUpdated": "2026-02-26T18:28:05.031Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-21685 (GCVE-0-2024-21685)

    Vulnerability from nvd – Published: 2024-06-18 17:00 – Updated: 2025-03-17 14:47
    Summary
    This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center.

    This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction.

    Atlassian recommends that Jira Core Data Center customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions:

    • Jira Core Data Center 9.4: Upgrade to a release greater than or equal to 9.4.21
    • Jira Core Data Center 9.12: Upgrade to a release greater than or equal to 9.12.8
    • Jira Core Data Center 9.16: Upgrade to a release greater than or equal to 9.16.0

    See the release notes. You can download the latest version of Jira Core Data Center from the download center.

    This vulnerability was found internally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Information Disclosure
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Impacted products
    Vendor Product Version
    Atlassian Jira Core Data Center Affected: 9.12.0 to 9.12.7
    Affected: 9.4.0 to 9.4.20
    Unaffected: 9.16.0 to 9.16.1
    Unaffected: 9.12.8 to 9.12.10
    Unaffected: 9.4.21 to 9.4.23
    atlassian jira_core Affected: 9.12.0 , ≤ 9.12.7 (custom)
    Affected: 9.4.0 , ≤ 9.4.20 (custom)
    Unaffected: 9.16.0 , ≤ 9.16.1 (custom)
    Unaffected: 9.12.8 , ≤ 9.12.10 (custom)
    Unaffected: 9.4.21 , ≤ 9.4.23 (custom)
        cpe:2.3:a:atlassian:jira_core:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_core:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_core",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThanOrEqual": "9.12.7",
                    "status": "affected",
                    "version": "9.12.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "9.4.20",
                    "status": "affected",
                    "version": "9.4.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "9.16.1",
                    "status": "unaffected",
                    "version": "9.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "9.12.10",
                    "status": "unaffected",
                    "version": "9.12.8",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "9.4.23",
                    "status": "unaffected",
                    "version": "9.4.21",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21685",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-26T17:35:25.808643Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T14:47:21.523Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:27:36.035Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-77713"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Core Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.12.0 to 9.12.7"
                },
                {
                  "status": "affected",
                  "version": "9.4.0 to 9.4.20"
                },
                {
                  "status": "unaffected",
                  "version": "9.16.0 to 9.16.1"
                },
                {
                  "status": "unaffected",
                  "version": "9.12.8 to 9.12.10"
                },
                {
                  "status": "unaffected",
                  "version": "9.4.21 to 9.4.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. \r\n\t\r\n\tThis Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. \r\n\t\r\n\tAtlassian recommends that Jira Core Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\r\n\t\t\r\n\t\tJira Core Data Center 9.4: Upgrade to a release greater than or equal to 9.4.21\r\n\t\t\r\n\t\tJira Core Data Center 9.12: Upgrade to a release greater than or equal to 9.12.8\r\n\t\t\r\n\t\tJira Core Data Center 9.16: Upgrade to a release greater than or equal to 9.16.0\r\n\t\t\r\n\t\t\r\n\t\r\n\tSee the release notes. You can download the latest version of Jira Core Data Center from the download center. \r\n\t\r\n\tThis vulnerability was found internally."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "Information Disclosure"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T17:00:02.531Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211"
            },
            {
              "url": "https://jira.atlassian.com/browse/JRASERVER-77713"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2024-21685",
        "datePublished": "2024-06-18T17:00:00.783Z",
        "dateReserved": "2024-01-01T00:05:33.847Z",
        "dateUpdated": "2025-03-17T14:47:21.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36239 (GCVE-0-2020-36239)

    Vulnerability from nvd – Published: 2021-07-29 10:12 – Updated: 2024-10-17 15:25
    Summary
    Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed an Ehcache RMI network service through which attackers who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service.

    [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated.
    [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    Atlassian Jira Data Center Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.5.16 (custom)
    Affected: 8.6.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.8 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.17.0 (custom)
    Atlassian Jira Core Data Center Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.5.16 (custom)
    Affected: 8.6.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.8 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.17.0 (custom)
    Atlassian Jira Software Data Center Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.5.16 (custom)
    Affected: 8.6.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.8 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.17.0 (custom)
    Atlassian Jira Service Management Data Center Affected: 2.0.2 , < unspecified (custom)
    Affected: unspecified , < 4.5.16 (custom)
    Affected: 4.6.0 , < unspecified (custom)
    Affected: unspecified , < 4.13.8 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.17.0 (custom)
    atlassian jira_data_center Affected: 6.3.0 , < 8.5.16 (custom)
    Affected: 8.6.0 , < 8.13.8 (custom)
    Affected: 8.14.0 , < 8.17.0 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 2.0.2 , < 4.5.16 (custom)
    Affected: 4.6.0 , < 4.13.8 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.17.0 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    Date Public
    2021-07-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.858Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.5.16",
                    "status": "affected",
                    "version": "6.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.13.8",
                    "status": "affected",
                    "version": "8.6.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.17.0",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.5.16",
                    "status": "affected",
                    "version": "2.0.2",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.13.8",
                    "status": "affected",
                    "version": "4.6.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.17.0",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36239",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T15:18:39.926455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T15:25:47.384Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.0.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-07-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-29T10:12:42.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-07-21T17:00:00",
              "ID": "CVE-2020-36239",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.17.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.17.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.17.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.17.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862: Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-8454",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-72566",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
                },
                {
                  "name": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html",
                  "refsource": "MISC",
                  "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-36239",
        "datePublished": "2021-07-29T10:12:42.879Z",
        "dateReserved": "2021-01-27T00:00:00.000Z",
        "dateUpdated": "2024-10-17T15:25:47.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-22157 (GCVE-0-2025-22157)

    Vulnerability from cvelistv5 – Published: 2025-05-20 18:00 – Updated: 2026-02-26 18:28
    VLAI
    Summary
    This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions:
    9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server
    5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server
    This PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user.
    Atlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
    Jira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20
    Jira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20
    Jira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5
    Jira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5
    Jira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0
    Jira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0
    Jira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1
    Jira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1
    See the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center.
    This vulnerability was reported via our Atlassian (Internal) program.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • PrivEsc (Privilege Escalation)
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor     Product                              Version
    Atlassian  Jira Core Data Center                Affected: 10.5.0
                                                    Affected: 10.4.0 to 10.4.1
                                                    Affected: 10.3.0 to 10.3.4
                                                    Affected: 9.12.0 to 9.12.19
                                                    Unaffected: 10.6.0
                                                    Unaffected: 10.5.1
                                                    Unaffected: 10.3.5 to 10.3.6
                                                    Unaffected: 9.12.22 to 9.12.23
    Atlassian  Jira Core Server                     Affected: 9.12.0 to 9.12.19
                                                    Unaffected: 9.12.22 to 9.12.23
    Atlassian  Jira Service Management Data Center  Affected: 10.5.0
                                                    Affected: 10.4.0 to 10.4.1
                                                    Affected: 10.3.0 to 10.3.4
                                                    Affected: 5.12.0 to 5.12.19
                                                    Unaffected: 10.6.0
                                                    Unaffected: 10.5.1
                                                    Unaffected: 10.3.5 to 10.3.6
                                                    Unaffected: 5.12.22 to 5.12.23
    Atlassian  Jira Service Management Server       Affected: 5.12.0 to 5.12.19
                                                    Unaffected: 5.12.22 to 5.12.23
    Credits
    Internal (Atlassian)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-21T03:55:33.263670Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:05.031Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Core Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5.0"
                },
                {
                  "status": "affected",
                  "version": "10.4.0 to 10.4.1"
                },
                {
                  "status": "affected",
                  "version": "10.3.0 to 10.3.4"
                },
                {
                  "status": "affected",
                  "version": "9.12.0 to 9.12.19"
                },
                {
                  "status": "unaffected",
                  "version": "10.6.0"
                },
                {
                  "status": "unaffected",
                  "version": "10.5.1"
                },
                {
                  "status": "unaffected",
                  "version": "10.3.5 to 10.3.6"
                },
                {
                  "status": "unaffected",
                  "version": "9.12.22 to 9.12.23"
                }
              ]
            },
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.12.0 to 9.12.19"
                },
                {
                  "status": "unaffected",
                  "version": "9.12.22 to 9.12.23"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5.0"
                },
                {
                  "status": "affected",
                  "version": "10.4.0 to 10.4.1"
                },
                {
                  "status": "affected",
                  "version": "10.3.0 to 10.3.4"
                },
                {
                  "status": "affected",
                  "version": "5.12.0 to 5.12.19"
                },
                {
                  "status": "unaffected",
                  "version": "10.6.0"
                },
                {
                  "status": "unaffected",
                  "version": "10.5.1"
                },
                {
                  "status": "unaffected",
                  "version": "10.3.5 to 10.3.6"
                },
                {
                  "status": "unaffected",
                  "version": "5.12.22 to 5.12.23"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.12.0 to 5.12.19"
                },
                {
                  "status": "unaffected",
                  "version": "5.12.22 to 5.12.23"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:10.5.0:*:*:*:data_center:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "10.4.1",
                      "versionStartIncluding": "10.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "10.3.4",
                      "versionStartIncluding": "10.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "9.12.19",
                      "versionStartIncluding": "9.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:10.6.0:*:*:*:data_center:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:10.5.1:*:*:*:data_center:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "10.3.6",
                      "versionStartIncluding": "10.3.5",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "9.12.23",
                      "versionStartIncluding": "9.12.22",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:server:*:*:*",
                      "versionEndIncluding": "9.12.19",
                      "versionStartIncluding": "9.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:server:*:*:*",
                      "versionEndIncluding": "9.12.23",
                      "versionStartIncluding": "9.12.22",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:10.5.0:*:*:*:data_center:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "10.4.1",
                      "versionStartIncluding": "10.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "10.3.4",
                      "versionStartIncluding": "10.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "5.12.19",
                      "versionStartIncluding": "5.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:10.6.0:*:*:*:data_center:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:10.5.1:*:*:*:data_center:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "10.3.6",
                      "versionStartIncluding": "10.3.5",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                      "versionEndIncluding": "5.12.23",
                      "versionStartIncluding": "5.12.22",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
                      "versionEndIncluding": "5.12.19",
                      "versionStartIncluding": "5.12.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
                      "versionEndIncluding": "5.12.23",
                      "versionStartIncluding": "5.12.22",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Internal (Atlassian)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions:\n\n9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server\n\n5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server\n\nThis PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user. \n\nAtlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\nJira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20\n\nJira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20\n\nJira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5\n\nJira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5\n\nJira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0\n\nJira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0\n\nJira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1\n\nJira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1\n\nSee the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center. \n\nThis vulnerability was reported via our Atlassian (Internal) program."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "PrivEsc (Privilege Escalation)",
                  "lang": "en",
                  "type": "PrivEsc (Privilege Escalation)"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-20T18:00:01.328Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1561365992"
            },
            {
              "url": "https://jira.atlassian.com/browse/JRASERVER-78766"
            },
            {
              "url": "https://jira.atlassian.com/browse/JSDSERVER-16206"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2025-22157",
        "datePublished": "2025-05-20T18:00:01.328Z",
        "dateReserved": "2025-01-01T00:01:27.175Z",
        "dateUpdated": "2026-02-26T18:28:05.031Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-21685 (GCVE-0-2024-21685)

    Vulnerability from cvelistv5 – Published: 2024-06-18 17:00 – Updated: 2025-03-17 14:47
    VLAI
    Summary
    This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center.
    This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction.
    Atlassian recommends that Jira Core Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
    • Jira Core Data Center 9.4: Upgrade to a release greater than or equal to 9.4.21
    • Jira Core Data Center 9.12: Upgrade to a release greater than or equal to 9.12.8
    • Jira Core Data Center 9.16: Upgrade to a release greater than or equal to 9.16.0
    See the release notes. You can download the latest version of Jira Core Data Center from the download center.
    This vulnerability was found internally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Information Disclosure
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Jira Core Data Center Affected: 9.12.0 to 9.12.7
    Affected: 9.4.0 to 9.4.20
    Unaffected: 9.16.0 to 9.16.1
    Unaffected: 9.12.8 to 9.12.10
    Unaffected: 9.4.21 to 9.4.23
    atlassian jira_core Affected: 9.12.0 , ≤ 9.12.7 (custom)
    Affected: 9.4.0 , ≤ 9.4.20 (custom)
    Unaffected: 9.16.0 , ≤ 9.16.1 (custom)
    Unaffected: 9.12.8 , ≤ 9.12.10 (custom)
    Unaffected: 9.4.21 , ≤ 9.4.23 (custom)
        cpe:2.3:a:atlassian:jira_core:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_core:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_core",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThanOrEqual": "9.12.7",
                    "status": "affected",
                    "version": "9.12.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "9.4.20",
                    "status": "affected",
                    "version": "9.4.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "9.16.1",
                    "status": "unaffected",
                    "version": "9.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "9.12.10",
                    "status": "unaffected",
                    "version": "9.12.8",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "9.4.23",
                    "status": "unaffected",
                    "version": "9.4.21",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21685",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-26T17:35:25.808643Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-17T14:47:21.523Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:27:36.035Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-77713"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Core Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.12.0 to 9.12.7"
                },
                {
                  "status": "affected",
                  "version": "9.4.0 to 9.4.20"
                },
                {
                  "status": "unaffected",
                  "version": "9.16.0 to 9.16.1"
                },
                {
                  "status": "unaffected",
                  "version": "9.12.8 to 9.12.10"
                },
                {
                  "status": "unaffected",
                  "version": "9.4.21 to 9.4.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. \r\n\t\r\n\tThis Information Disclosure vulnerability, with a CVSS Score of 7.4, allows an unauthenticated attacker to view sensitive information via an Information Disclosure vulnerability which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. \r\n\t\r\n\tAtlassian recommends that Jira Core Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\r\n\t\t\r\n\t\tJira Core Data Center 9.4: Upgrade to a release greater than or equal to 9.4.21\r\n\t\t\r\n\t\tJira Core Data Center 9.12: Upgrade to a release greater than or equal to 9.12.8\r\n\t\t\r\n\t\tJira Core Data Center 9.16: Upgrade to a release greater than or equal to 9.16.0\r\n\t\t\r\n\t\t\r\n\t\r\n\tSee the release notes. You can download the latest version of Jira Core Data Center from the download center. \r\n\t\r\n\tThis vulnerability was found internally."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "Information Disclosure"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T17:00:02.531Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1409286211"
            },
            {
              "url": "https://jira.atlassian.com/browse/JRASERVER-77713"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2024-21685",
        "datePublished": "2024-06-18T17:00:00.783Z",
        "dateReserved": "2024-01-01T00:05:33.847Z",
        "dateUpdated": "2025-03-17T14:47:21.523Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36239 (GCVE-0-2020-36239)

    Vulnerability from cvelistv5 – Published: 2021-07-29 10:12 – Updated: 2024-10-17 15:25
    VLAI
    Summary
    Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Jira Data Center Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.5.16 (custom)
    Affected: 8.6.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.8 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.17.0 (custom)
    Atlassian Jira Core Data Center Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.5.16 (custom)
    Affected: 8.6.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.8 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.17.0 (custom)
    Atlassian Jira Software Data Center Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.5.16 (custom)
    Affected: 8.6.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.8 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.17.0 (custom)
    Atlassian Jira Service Management Data Center Affected: 2.0.2 , < unspecified (custom)
    Affected: unspecified , < 4.5.16 (custom)
    Affected: 4.6.0 , < unspecified (custom)
    Affected: unspecified , < 4.13.8 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.17.0 (custom)
    atlassian jira_data_center Affected: 6.3.0 , < 8.5.16 (custom)
    Affected: 8.6.0 , < 8.13.8 (custom)
    Affected: 8.14.0 , < 8.17.0 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 2.0.2 , < 4.5.16 (custom)
    Affected: 4.6.0 , < 4.13.8 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.17.0 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    Date Public
    2021-07-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.858Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.5.16",
                    "status": "affected",
                    "version": "6.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.13.8",
                    "status": "affected",
                    "version": "8.6.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.17.0",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.5.16",
                    "status": "affected",
                    "version": "2.0.2",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.13.8",
                    "status": "affected",
                    "version": "4.6.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.17.0",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36239",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T15:18:39.926455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T15:25:47.384Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.0.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-07-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-29T10:12:42.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-07-21T17:00:00",
              "ID": "CVE-2020-36239",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.17.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.17.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.17.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.17.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862: Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-8454",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-72566",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
                },
                {
                  "name": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html",
                  "refsource": "MISC",
                  "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-36239",
        "datePublished": "2021-07-29T10:12:42.879Z",
        "dateReserved": "2021-01-27T00:00:00.000Z",
        "dateUpdated": "2024-10-17T15:25:47.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }