
    24 vulnerabilities found for jira_service_desk by atlassian

    CVE-2021-43959 (GCVE-0-2021-43959)

    Vulnerability from nvd – Published: 2022-07-26 08:00 – Updated: 2024-10-03 18:37
    Summary
    Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Server-Side Request Forgery
    Assigner
    References
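    Impacted products
    (Range bounds are listed on separate rows: a row of the form "X , < unspecified" is a lower bound whose upper bound appears on a following "unspecified , < Y" row; it is not an open-ended range. Read the rows together with the Summary, which states the affected ranges.)
    Vendor Product Version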
    Atlassian Jira Service Management Server Affected: unspecified , < 4.13.20 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.8 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.2 (custom)
    Atlassian Jira Service Management Data Center Affected: unspecified , < 4.13.20 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.8 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.2 (custom)
    Date Public
    2022-07-26 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:16.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11898"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43959",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T18:36:52.953222Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T18:37:02.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-26T08:00:13.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11898"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-07-26T00:00:00",
              "ID": "CVE-2021-43959",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.20"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.20"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Server-Side Request Forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11898",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11898"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43959",
        "datePublished": "2022-07-26T08:00:14.034Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-03T18:37:02.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26137 (GCVE-0-2022-26137)

    Vulnerability from nvd – Published: 2022-07-20 17:25 – Updated: 2024-10-03 17:10
    Summary
    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)
    Assigner
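    Impacted products
    (In the rows that use "unspecified", range bounds are listed separately: "X , < unspecified" is a lower bound whose upper bound appears on a following "unspecified , < Y" row; it is not an open-ended range. Read these rows together with the Summary, which states the affected ranges.)
    Vendor Product Version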
    Atlassian Bamboo Server Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bamboo Data Center Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bitbucket Server Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Bitbucket Data Center Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Confluence Server Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Confluence Data Center Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Crowd Server Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crowd Data Center Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crucible Affected: unspecified , < 4.8.10 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.10 (custom)
    Atlassian Jira Core Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Data Center Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Service Management Server Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Atlassian Jira Service Management Data Center Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    atlassian bamboo Affected: 7.2.0 , < 7.2.10 (custom)
    Affected: 8.0.0 , < 8.0.9 (custom)
    Affected: 8.1.0 , < 8.1.8 (custom)
    Affected: 8.2.0 , < 8.2.4 (custom)
        cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 0 , < 7.6.16 (custom)
    Affected: 7.7.0 , < 7.17.8 (custom)
    Affected: 7.18.0 , < 7.19.5 (custom)
    Affected: 7.20.1 , < 7.20.2 (custom)
    Affected: 7.21.0 , < 7.21.2 (custom)
        cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.0.0
        cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.1.0
        cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*
    atlassian crowd Affected: 0 , < 4.3.8 (custom)
    Affected: 4.4.0 , < 4.4.2 (custom)
        cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
    atlassian crowd Affected: 5.0.0
        cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    atlassian fisheye Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian jira_data_center Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_server Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.614Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BAM-21795"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13370"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CWD-5815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7410"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bamboo",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.2.10",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.9",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.8",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.2.4",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.8",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.5",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.20.2",
                    "status": "affected",
                    "version": "7.20.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.21.2",
                    "status": "affected",
                    "version": "7.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.3.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.4.2",
                    "status": "affected",
                    "version": "4.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26137",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T16:48:52.174175Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T17:10:16.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bamboo Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bamboo Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Confluence Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Confluence Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Crowd Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crowd Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-180",
                  "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T17:25:23.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-07-20T00:00:00",
              "ID": "CVE-2022-26137",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bamboo Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bamboo Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BAM-21795",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BAM-21795"
                },
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-13370",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-13370"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CWD-5815",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CWD-5815"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7410",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7410"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8541",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8541"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26137",
        "datePublished": "2022-07-20T17:25:23.603Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-03T17:10:16.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26136 (GCVE-0-2022-26136)

    Vulnerability from nvd – Published: 2022-07-20 17:25 – Updated: 2024-10-03 16:43
    Summary
    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first- and third-party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4. [Note: the Impacted products list on this page gives the single affected Confluence version as 7.18.0 rather than 7.21.0; check the vendor advisory before relying on either value.]
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bamboo Server Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bamboo Data Center Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bitbucket Server Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Bitbucket Data Center Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Confluence Server Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Confluence Data Center Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Crowd Server Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crowd Data Center Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crucible Affected: unspecified , < 4.8.10 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.10 (custom)
    Atlassian Jira Core Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Data Center Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Service Management Server Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Atlassian Jira Service Management Data Center Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    atlassian bamboo Affected: 7.2.0 , < 7.2.10 (custom)
    Affected: 8.0.0 , < 8.0.9 (custom)
    Affected: 8.1.0 , < 8.1.8 (custom)
    Affected: 8.2.0 , < 8.2.4 (custom)
        cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 0 , < 7.6.16 (custom)
    Affected: 7.7.0 , < 7.17.8 (custom)
    Affected: 7.18.0 , < 7.19.5 (custom)
    Affected: 7.20.0 , < 7.20.2 (custom)
    Affected: 7.21.0 , < 7.21.2 (custom)
        cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.0.0
    Affected: 8.1.0
        cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*
    atlassian crowd Affected: 0 , < 4.3.8 (custom)
    Affected: 4.4.0 , < 4.4.2 (custom)
        cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
    atlassian crowd Affected: 5.0.0
        cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    atlassian fisheye Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian jira_data_center Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_server Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.592Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BAM-21795"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13370"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CWD-5815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7410"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bamboo",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.2.10",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.9",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.8",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.2.4",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.8",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.5",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.20.2",
                    "status": "affected",
                    "version": "7.20.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.21.2",
                    "status": "affected",
                    "version": "7.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.0"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.3.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.4.2",
                    "status": "affected",
                    "version": "4.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T15:26:49.090400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T16:43:16.268Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bamboo Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bamboo Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Confluence Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Confluence Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Crowd Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crowd Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first- and third-party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0 [note: the structured version data in this record lists 7.18.0 for Confluence Server and Data Center, not 7.21.0]. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-180",
                  "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T17:25:18.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-07-20T00:00:00",
              "ID": "CVE-2022-26136",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bamboo Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bamboo Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BAM-21795",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BAM-21795"
                },
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-13370",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-13370"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CWD-5815",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CWD-5815"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7410",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7410"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8541",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8541"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26136",
        "datePublished": "2022-07-20T17:25:18.803Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-03T16:43:16.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26135 (GCVE-0-2022-26135)

    Vulnerability from nvd – Published: 2022-06-30 05:20 – Updated: 2024-10-29 15:20
    Summary
    A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery (SSRF) via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, and from version 8.21.0 before 8.22.4. This also affects Jira Service Management Server and Data Center from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10, and from version 4.21.0 before 4.22.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Server-side Request Forgery
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Jira Core Server Affected: 8.0.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Server Affected: 8.0.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Data Center Affected: 8.0.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Service Management Server Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Atlassian Jira Service Management Data Center Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Date Public
    2022-06-29 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73863"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11840"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T15:05:50.366047Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-918",
                    "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T15:20:52.789Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Server-side Request Forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-30T05:20:15.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73863"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11840"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-06-29T00:00:00",
              "ID": "CVE-2022-26135",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Core Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Server-side Request Forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73863",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73863"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11840",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11840"
                },
                {
                  "name": "https://confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022",
                  "refsource": "MISC",
                  "url": "https://confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26135",
        "datePublished": "2022-06-30T05:20:15.269Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-29T15:20:52.789Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39115 (GCVE-0-2021-39115)

    Vulnerability from nvd – Published: 2021-09-01 23:00 – Updated: 2024-10-11 19:19
    Summary
    Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server-Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 4.13.9 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.18.0 (custom)
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 4.13.9 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.18.0 (custom)
    atlassian jira_service_management Affected: 4.14.0 , < 4.18.0 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.18.0 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.9 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.9 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    Date Public
    2021-08-30 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:58:17.709Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.18.0",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.18.0",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-39115",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T19:11:09.878988Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T19:19:10.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.18.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.18.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with \"Jira Administrators\" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-96",
                  "description": "CWE-96: Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-01T23:00:09.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-08-30T00:00:00",
              "ID": "CVE-2021-39115",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.18.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with \"Jira Administrators\" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-96: Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-8665",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-39115",
        "datePublished": "2021-09-01T23:00:09.591Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-10-11T19:19:10.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36239 (GCVE-0-2020-36239)

    Vulnerability from nvd – Published: 2021-07-29 10:12 – Updated: 2024-10-17 15:25
    Summary
    Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed an Ehcache RMI network service on port 40001 and potentially 40011[0][1]. Attackers who can connect to the service could execute arbitrary code of their choice in Jira through deserialization, due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Jira Data Center Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.5.16 (custom)
    Affected: 8.6.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.8 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.17.0 (custom)
    Atlassian Jira Core Data Center Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.5.16 (custom)
    Affected: 8.6.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.8 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.17.0 (custom)
    Atlassian Jira Software Data Center Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.5.16 (custom)
    Affected: 8.6.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.8 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.17.0 (custom)
    Atlassian Jira Service Management Data Center Affected: 2.0.2 , < unspecified (custom)
    Affected: unspecified , < 4.5.16 (custom)
    Affected: 4.6.0 , < unspecified (custom)
    Affected: unspecified , < 4.13.8 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.17.0 (custom)
    atlassian jira_data_center Affected: 6.3.0 , < 8.5.16 (custom)
    Affected: 8.6.0 , < 8.13.8 (custom)
    Affected: 8.14.0 , < 8.17.0 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 2.0.2 , < 4.5.16 (custom)
    Affected: 4.6.0 , < 4.13.8 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.17.0 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    Date Public
    2021-07-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.858Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.5.16",
                    "status": "affected",
                    "version": "6.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.13.8",
                    "status": "affected",
                    "version": "8.6.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.17.0",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.5.16",
                    "status": "affected",
                    "version": "2.0.2",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.13.8",
                    "status": "affected",
                    "version": "4.6.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.17.0",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36239",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T15:18:39.926455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T15:25:47.384Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.0.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-07-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-29T10:12:42.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-07-21T17:00:00",
              "ID": "CVE-2020-36239",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.17.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.17.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.17.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.17.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862: Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-8454",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-72566",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
                },
                {
                  "name": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html",
                  "refsource": "MISC",
                  "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-36239",
        "datePublished": "2021-07-29T10:12:42.879Z",
        "dateReserved": "2021-01-27T00:00:00.000Z",
        "dateUpdated": "2024-10-17T15:25:47.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14180 (GCVE-0-2020-14180)

    Vulnerability from nvd – Published: 2020-09-21 00:55 – Updated: 2024-09-17 01:26
    VLAI
    Summary
    Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0.
    Severity
    No CVSS data available.
    CWE
    • Broken Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 4.12.0 (custom)
    Date Public
    2020-07-02 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.097Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6917"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Broken Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-21T00:55:12.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6917"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-07-02T00:00:00",
              "ID": "CVE-2020-14180",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Broken Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6917",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6917"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-14180",
        "datePublished": "2020-09-21T00:55:12.877Z",
        "dateReserved": "2020-06-16T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:26:00.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14166 (GCVE-0-2020-14166)

    Vulnerability from nvd – Published: 2020-07-01 01:35 – Updated: 2024-09-16 16:33
    VLAI
    Summary
    The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS) vulnerability by uploading an HTML file.
    Severity
    No CVSS data available.
    CWE
    • Cross Site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server and Data Center Affected: unspecified , < 4.10.0 (custom)
    Date Public
    2020-07-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.181Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6895"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server and Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.10.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-07T21:06:25.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6895"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-07-01T00:00:00",
              "ID": "CVE-2020-14166",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server and Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.10.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6895",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6895"
                },
                {
                  "name": "http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-14166",
        "datePublished": "2020-07-01T01:35:26.241Z",
        "dateReserved": "2020-06-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:33:13.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15004 (GCVE-0-2019-15004)

    Vulnerability from nvd – Published: 2019-11-07 03:35 – Updated: 2024-09-16 23:15
    VLAI
    Summary
    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Date Public
    2019-11-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:52.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6589"
              },
              {
                "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Nov/9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-11-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-08T17:06:31.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6589"
            },
            {
              "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-11-07T00:00:00",
              "ID": "CVE-2019-15004",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6589",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6589"
                },
                {
                  "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Nov/9"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15004",
        "datePublished": "2019-11-07T03:35:38.947Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:15:47.761Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15003 (GCVE-0-2019-15003)

    Vulnerability from nvd – Published: 2019-11-07 03:35 – Updated: 2024-09-16 22:25
    VLAI
    Summary
    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Authorization Bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Date Public
    2019-11-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.128Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6590"
              },
              {
                "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Nov/9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-11-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-08T17:06:31.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6590"
            },
            {
              "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-11-07T00:00:00",
              "ID": "CVE-2019-15003",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6590",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6590"
                },
                {
                  "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Nov/9"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15003",
        "datePublished": "2019-11-07T03:35:38.545Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:25:56.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-14994 (GCVE-0-2019-14994)

    Vulnerability from nvd – Published: 2019-09-19 14:20 – Updated: 2024-09-16 18:08
    VLAI
    Summary
    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 3.9.16 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.8 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.1.3 (custom)
    Affected: 4.2.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.5 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.4 (custom)
    Affected: 4.4.0
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 3.9.16 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.8 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.1.3 (custom)
    Affected: 4.2.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.5 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.4 (custom)
    Affected: 4.4.0
    Date Public
    2018-09-18 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:52.769Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6517"
              },
              {
                "name": "20190923 Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Sep/39"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://samcurry.net/analysis-of-cve-2019-14994/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.4.0"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.4.0"
                }
              ]
            }
          ],
          "datePublic": "2018-09-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-26T19:42:15.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6517"
            },
            {
              "name": "20190923 Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Sep/39"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://samcurry.net/analysis-of-cve-2019-14994/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2018-09-18T00:00:00",
              "ID": "CVE-2019-14994",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.1.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.4.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.1.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6517",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6517"
                },
                {
                  "name": "20190923 Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Sep/39"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html"
                },
                {
                  "name": "https://samcurry.net/analysis-of-cve-2019-14994/",
                  "refsource": "MISC",
                  "url": "https://samcurry.net/analysis-of-cve-2019-14994/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-14994",
        "datePublished": "2019-09-19T14:20:53.238Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:08:34.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8481 (GCVE-0-2015-8481)

    Vulnerability from nvd – Published: 2016-01-08 19:00 – Updated: 2024-08-06 08:20
    VLAI
    Summary
    Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-12-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:20:42.871Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "79381",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79381"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRA-47557"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-01-08T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "79381",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79381"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.atlassian.com/browse/JRA-47557"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8481",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "79381",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/79381"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRA-47557",
                  "refsource": "CONFIRM",
                  "url": "https://jira.atlassian.com/browse/JRA-47557"
                },
                {
                  "name": "https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html",
                  "refsource": "CONFIRM",
                  "url": "https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8481",
        "datePublished": "2016-01-08T19:00:00.000Z",
        "dateReserved": "2015-12-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:20:42.871Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43959 (GCVE-0-2021-43959)

    Vulnerability from cvelistv5 – Published: 2022-07-26 08:00 – Updated: 2024-10-03 18:37
    VLAI
    Summary
    Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Server-Side Request Forgery
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Management Server Affected: unspecified , < 4.13.20 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.8 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.2 (custom)
    Atlassian Jira Service Management Data Center Affected: unspecified , < 4.13.20 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.8 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.2 (custom)
    Date Public
    2022-07-26 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:16.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11898"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-43959",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T18:36:52.953222Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T18:37:02.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-26T08:00:13.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11898"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-07-26T00:00:00",
              "ID": "CVE-2021-43959",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.20"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.20"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Server-Side Request Forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11898",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11898"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-43959",
        "datePublished": "2022-07-26T08:00:14.034Z",
        "dateReserved": "2021-11-16T00:00:00.000Z",
        "dateUpdated": "2024-10-03T18:37:02.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26137 (GCVE-0-2022-26137)

    Vulnerability from cvelistv5 – Published: 2022-07-20 17:25 – Updated: 2024-10-03 17:10
    VLAI
    Summary
    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bamboo Server Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bamboo Data Center Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bitbucket Server Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Bitbucket Data Center Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Confluence Server Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Confluence Data Center Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Crowd Server Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crowd Data Center Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crucible Affected: unspecified , < 4.8.10 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.10 (custom)
    Atlassian Jira Core Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Data Center Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Service Management Server Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Atlassian Jira Service Management Data Center Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    atlassian bamboo Affected: 7.2.0 , < 7.2.10 (custom)
    Affected: 8.0.0 , < 8.0.9 (custom)
    Affected: 8.1.0 , < 8.1.8 (custom)
    Affected: 8.2.0 , < 8.2.4 (custom)
        cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 0 , < 7.6.16 (custom)
    Affected: 7.7.0 , < 7.17.8 (custom)
    Affected: 7.18.0 , < 7.19.5 (custom)
    Affected: 7.20.1 , < 7.20.2 (custom)
    Affected: 7.21.0 , < 7.21.2 (custom)
        cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.0.0
        cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.1.0
        cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*
    atlassian crowd Affected: 0 , < 4.3.8 (custom)
    Affected: 4.4.0 , < 4.4.2 (custom)
        cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
    atlassian crowd Affected: 5.0.0
        cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    atlassian fisheye Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian jira_data_center Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_server Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.614Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BAM-21795"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13370"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CWD-5815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7410"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bamboo",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.2.10",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.9",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.8",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.2.4",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.8",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.5",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.20.2",
                    "status": "affected",
                    "version": "7.20.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.21.2",
                    "status": "affected",
                    "version": "7.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.3.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.4.2",
                    "status": "affected",
                    "version": "4.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26137",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T16:48:52.174175Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T17:10:16.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bamboo Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bamboo Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Confluence Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Confluence Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Crowd Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crowd Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-180",
                  "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T17:25:23.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-07-20T00:00:00",
              "ID": "CVE-2022-26137",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bamboo Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bamboo Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BAM-21795",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BAM-21795"
                },
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-13370",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-13370"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CWD-5815",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CWD-5815"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7410",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7410"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8541",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8541"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26137",
        "datePublished": "2022-07-20T17:25:23.603Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-03T17:10:16.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26136 (GCVE-0-2022-26136)

    Vulnerability from cvelistv5 – Published: 2022-07-20 17:25 – Updated: 2024-10-03 16:43
    Summary
    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first- and third-party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4. Note: the structured version data in this record lists Confluence 7.18.0, not 7.21.0, as the single affected Confluence version, so check both values when deciding whether an instance is in scope.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bamboo Server Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bamboo Data Center Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bitbucket Server Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Bitbucket Data Center Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Confluence Server Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Confluence Data Center Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Crowd Server Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crowd Data Center Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crucible Affected: unspecified , < 4.8.10 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.10 (custom)
    Atlassian Jira Core Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Data Center Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Service Management Server Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Atlassian Jira Service Management Data Center Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    atlassian bamboo Affected: 7.2.0 , < 7.2.10 (custom)
    Affected: 8.0.0 , < 8.0.9 (custom)
    Affected: 8.1.0 , < 8.1.8 (custom)
    Affected: 8.2.0 , < 8.2.4 (custom)
        cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 0 , < 7.6.16 (custom)
    Affected: 7.7.0 , < 7.17.8 (custom)
    Affected: 7.18.0 , < 7.19.5 (custom)
    Affected: 7.20.0 , < 7.20.2 (custom)
    Affected: 7.21.0 , < 7.21.2 (custom)
        cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.0.0
    Affected: 8.1.0
        cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*
    atlassian crowd Affected: 0 , < 4.3.8 (custom)
    Affected: 4.4.0 , < 4.4.2 (custom)
        cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
    atlassian crowd Affected: 5.0.0
        cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    atlassian fisheye Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian jira_data_center Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_server Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.592Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BAM-21795"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13370"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CWD-5815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7410"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bamboo",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.2.10",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.9",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.8",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.2.4",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.8",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.5",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.20.2",
                    "status": "affected",
                    "version": "7.20.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.21.2",
                    "status": "affected",
                    "version": "7.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.0"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.3.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.4.2",
                    "status": "affected",
                    "version": "4.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T15:26:49.090400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T16:43:16.268Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bamboo Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bamboo Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Confluence Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Confluence Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Crowd Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crowd Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first- and third-party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0 [note: the structured affected-version entries in this record list Confluence 7.18.0 rather than 7.21.0; check the vendor advisory before scoping]. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-180",
                  "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T17:25:18.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-07-20T00:00:00",
              "ID": "CVE-2022-26136",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bamboo Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bamboo Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BAM-21795",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BAM-21795"
                },
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-13370",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-13370"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CWD-5815",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CWD-5815"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7410",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7410"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8541",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8541"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26136",
        "datePublished": "2022-07-20T17:25:18.803Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-03T16:43:16.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26135 (GCVE-0-2022-26135)

    Vulnerability from cvelistv5 – Published: 2022-06-30 05:20 – Updated: 2024-10-29 15:20
    VLAI
    Summary
    A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, and from version 8.21.0 before 8.22.4. This also affects Jira Service Management Server and Data Center from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10, and from version 4.21.0 before 4.22.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Server-side Request Forgery
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Jira Core Server Affected: 8.0.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Server Affected: 8.0.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Data Center Affected: 8.0.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Service Management Server Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Atlassian Jira Service Management Data Center Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Date Public
    2022-06-29 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73863"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11840"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T15:05:50.366047Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-918",
                    "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T15:20:52.789Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Server-side Request Forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-30T05:20:15.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73863"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11840"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-06-29T00:00:00",
              "ID": "CVE-2022-26135",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Core Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Server-side Request Forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73863",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73863"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11840",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11840"
                },
                {
                  "name": "https://confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022",
                  "refsource": "MISC",
                  "url": "https://confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26135",
        "datePublished": "2022-06-30T05:20:15.269Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-29T15:20:52.789Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39115 (GCVE-0-2021-39115)

    Vulnerability from cvelistv5 – Published: 2021-09-01 23:00 – Updated: 2024-10-11 19:19
    VLAI
    Summary
    Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server-Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 4.13.9 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.18.0 (custom)
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 4.13.9 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.18.0 (custom)
    atlassian jira_service_management Affected: 4.14.0 , < 4.18.0 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.18.0 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.9 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.9 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    Date Public
    2021-08-30 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:58:17.709Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.18.0",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.18.0",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-39115",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T19:11:09.878988Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T19:19:10.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.18.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.18.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with \"Jira Administrators\" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-96",
                  "description": "CWE-96: Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-01T23:00:09.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-08-30T00:00:00",
              "ID": "CVE-2021-39115",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.18.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with \"Jira Administrators\" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-96: Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-8665",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-39115",
        "datePublished": "2021-09-01T23:00:09.591Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-10-11T19:19:10.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36239 (GCVE-0-2020-36239)

    Vulnerability from cvelistv5 – Published: 2021-07-29 10:12 – Updated: 2024-10-17 15:25
    Summary
    Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed an Ehcache RMI network service through which attackers who can connect to the service, on port 40001 and potentially 40011 [0][1], could execute arbitrary code of their choice in Jira through deserialization, due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated. (Note: the record below classifies this as CWE-862, Missing Authorization, while the description attributes it to missing authentication.)
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Jira Data Center Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.5.16 (custom)
    Affected: 8.6.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.8 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.17.0 (custom)
    Atlassian Jira Core Data Center Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.5.16 (custom)
    Affected: 8.6.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.8 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.17.0 (custom)
    Atlassian Jira Software Data Center Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.5.16 (custom)
    Affected: 8.6.0 , < unspecified (custom)
    Affected: unspecified , < 8.13.8 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.17.0 (custom)
    Atlassian Jira Service Management Data Center Affected: 2.0.2 , < unspecified (custom)
    Affected: unspecified , < 4.5.16 (custom)
    Affected: 4.6.0 , < unspecified (custom)
    Affected: unspecified , < 4.13.8 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.17.0 (custom)
    atlassian jira_data_center Affected: 6.3.0 , < 8.5.16 (custom)
    Affected: 8.6.0 , < 8.13.8 (custom)
    Affected: 8.14.0 , < 8.17.0 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 2.0.2 , < 4.5.16 (custom)
    Affected: 4.6.0 , < 4.13.8 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.17.0 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    Date Public
    2021-07-21 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.858Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.5.16",
                    "status": "affected",
                    "version": "6.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.13.8",
                    "status": "affected",
                    "version": "8.6.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.17.0",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.5.16",
                    "status": "affected",
                    "version": "2.0.2",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.13.8",
                    "status": "affected",
                    "version": "4.6.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.17.0",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36239",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T15:18:39.926455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T15:25:47.384Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.0.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.13.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.17.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-07-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-29T10:12:42.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-07-21T17:00:00",
              "ID": "CVE-2020-36239",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.17.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.17.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.17.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.17.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862: Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-8454",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-8454"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-72566",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-72566"
                },
                {
                  "name": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html",
                  "refsource": "MISC",
                  "url": "https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-36239",
        "datePublished": "2021-07-29T10:12:42.879Z",
        "dateReserved": "2021-01-27T00:00:00.000Z",
        "dateUpdated": "2024-10-17T15:25:47.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14180 (GCVE-0-2020-14180)

    Vulnerability from cvelistv5 – Published: 2020-09-21 00:55 – Updated: 2024-09-17 01:26
    Summary
    Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0.
    Severity
    No CVSS data available.
    CWE
    • Broken Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 4.12.0 (custom)
    Date Public
    2020-07-02 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.097Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6917"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.12.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Broken Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-21T00:55:12.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6917"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-07-02T00:00:00",
              "ID": "CVE-2020-14180",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.12.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Broken Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6917",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6917"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-14180",
        "datePublished": "2020-09-21T00:55:12.877Z",
        "dateReserved": "2020-06-16T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:26:00.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14166 (GCVE-0-2020-14166)

    Vulnerability from cvelistv5 – Published: 2020-07-01 01:35 – Updated: 2024-09-16 16:33
    Summary
    The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via a Cross-Site Scripting (XSS) vulnerability by uploading an HTML file.
    Severity
    No CVSS data available.
    CWE
    • Cross Site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server and Data Center Affected: unspecified , < 4.10.0 (custom)
    Date Public
    2020-07-01 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.181Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6895"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server and Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.10.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross Site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-07T21:06:25.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6895"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-07-01T00:00:00",
              "ID": "CVE-2020-14166",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server and Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.10.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross Site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6895",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6895"
                },
                {
                  "name": "http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/162107/Atlassian-Jira-Service-Desk-4.9.1-Cross-Site-Scripting.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-14166",
        "datePublished": "2020-07-01T01:35:26.241Z",
        "dateReserved": "2020-06-16T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:33:13.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15004 (GCVE-0-2019-15004)

    Vulnerability from cvelistv5 – Published: 2019-11-07 03:35 – Updated: 2024-09-16 23:15
    Summary
    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Date Public
    2019-11-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:52.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6589"
              },
              {
                "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Nov/9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-11-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-08T17:06:31.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6589"
            },
            {
              "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-11-07T00:00:00",
              "ID": "CVE-2019-15004",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6589",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6589"
                },
                {
                  "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Nov/9"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15004",
        "datePublished": "2019-11-07T03:35:38.947Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:15:47.761Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15003 (GCVE-0-2019-15003)

    Vulnerability from cvelistv5 – Published: 2019-11-07 03:35 – Updated: 2024-09-16 22:25
    Summary
    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Authorization Bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Date Public
    2019-11-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.128Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6590"
              },
              {
                "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Nov/9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-11-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-08T17:06:31.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6590"
            },
            {
              "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-11-07T00:00:00",
              "ID": "CVE-2019-15003",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6590",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6590"
                },
                {
                  "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Nov/9"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15003",
        "datePublished": "2019-11-07T03:35:38.545Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:25:56.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-14994 (GCVE-0-2019-14994)

    Vulnerability from cvelistv5 – Published: 2019-09-19 14:20 – Updated: 2024-09-16 18:08
    Summary
    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 3.9.16 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.8 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.1.3 (custom)
    Affected: 4.2.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.5 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.4 (custom)
    Affected: 4.4.0
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 3.9.16 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.8 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.1.3 (custom)
    Affected: 4.2.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.5 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.4 (custom)
    Affected: 4.4.0
    Date Public
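    2018-09-18 00:00 (as given in the CVE record's datePublic field; this is earlier than the record's reservation date of 2019-08-13 and its publication on 2019-09-19, so the year is probably a data-entry error for 2019 — use the published date when building timelines)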

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:52.769Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6517"
              },
              {
                "name": "20190923 Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Sep/39"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://samcurry.net/analysis-of-cve-2019-14994/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.4.0"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.4.0"
                }
              ]
            }
          ],
          "datePublic": "2018-09-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-26T19:42:15.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6517"
            },
            {
              "name": "20190923 Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Sep/39"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://samcurry.net/analysis-of-cve-2019-14994/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2018-09-18T00:00:00",
              "ID": "CVE-2019-14994",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.1.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.4.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.1.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6517",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6517"
                },
                {
                  "name": "20190923 Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Sep/39"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html"
                },
                {
                  "name": "https://samcurry.net/analysis-of-cve-2019-14994/",
                  "refsource": "MISC",
                  "url": "https://samcurry.net/analysis-of-cve-2019-14994/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-14994",
        "datePublished": "2019-09-19T14:20:53.238Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:08:34.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8481 (GCVE-0-2015-8481)

    Vulnerability from cvelistv5 – Published: 2016-01-08 19:00 – Updated: 2024-08-06 08:20
    Summary
    Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-12-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:20:42.871Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "79381",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79381"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRA-47557"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-01-08T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "79381",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79381"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.atlassian.com/browse/JRA-47557"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8481",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "79381",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/79381"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRA-47557",
                  "refsource": "CONFIRM",
                  "url": "https://jira.atlassian.com/browse/JRA-47557"
                },
                {
                  "name": "https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html",
                  "refsource": "CONFIRM",
                  "url": "https://confluence.atlassian.com/jira/jira-security-advisory-2015-12-09-792307790.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8481",
        "datePublished": "2016-01-08T19:00:00.000Z",
        "dateReserved": "2015-12-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:20:42.871Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }