← Zuruck zu CVEs

CVE-2022-0540

CRITICAL

9.8

Beschreibung

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht4/20/2022

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

atlassian:jira_data_centeratlassian:jira_serveratlassian:jira_service_management

Schwachen (CWE)

CWE-287

Referenzen

https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20(security@atlassian.com)

https://jira.atlassian.com/browse/JRASERVER-73650(security@atlassian.com)

https://jira.atlassian.com/browse/JSDSERVER-11224(security@atlassian.com)

https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20(af854a3a-2127-422b-91ae-364da2661108)

https://jira.atlassian.com/browse/JRASERVER-73650(af854a3a-2127-422b-91ae-364da2661108)

https://jira.atlassian.com/browse/JSDSERVER-11224(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.