CVE-2022-0540

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
References
Link Resource
https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20 Issue Tracking Patch Vendor Advisory
https://jira.atlassian.com/browse/JRASERVER-73650 Issue Tracking Patch Vendor Advisory
https://jira.atlassian.com/browse/JSDSERVER-11224 Issue Tracking Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*

History

24 Oct 2024, 17:35

Type Values Removed Values Added
CWE CWE-287

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-287 NVD-CWE-noinfo

10 Jun 2022, 14:49

Type Values Removed Values Added
CPE cpe:2.3:a:atlassian:jira_core:*:*:*:*:*:*:*:*

28 Apr 2022, 16:55

Type Values Removed Values Added
CPE cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
cpe:2.3:a:atlassian:jira_core:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 9.8
CWE CWE-287
References (MISC) https://jira.atlassian.com/browse/JRASERVER-73650 - (MISC) https://jira.atlassian.com/browse/JRASERVER-73650 - Issue Tracking, Patch, Vendor Advisory
References (MISC) https://jira.atlassian.com/browse/JSDSERVER-11224 - (MISC) https://jira.atlassian.com/browse/JSDSERVER-11224 - Issue Tracking, Patch, Vendor Advisory
References (MISC) https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20 - (MISC) https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20 - Issue Tracking, Patch, Vendor Advisory

20 Apr 2022, 19:20

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-20 19:15

Updated : 2024-10-24 17:35


NVD link : CVE-2022-0540

Mitre link : CVE-2022-0540

CVE.ORG link : CVE-2022-0540


JSON object : View

Products Affected

atlassian

  • jira_server
  • jira_service_management
  • jira_data_center
CWE
NVD-CWE-noinfo CWE-287

Improper Authentication