CVE-2022-36800

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.
References
Link Resource
https://jira.atlassian.com/browse/JSDSERVER-11900 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*

History

29 Oct 2024, 16:35

Type Values Removed Values Added
CWE CWE-732

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-863 NVD-CWE-noinfo

09 Aug 2022, 17:15

Type Values Removed Values Added
CPE cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
CWE CWE-863
References (MISC) https://jira.atlassian.com/browse/JSDSERVER-11900 - (MISC) https://jira.atlassian.com/browse/JSDSERVER-11900 - Issue Tracking, Vendor Advisory

03 Aug 2022, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-03 03:15

Updated : 2024-10-29 16:35


NVD link : CVE-2022-36800

Mitre link : CVE-2022-36800

CVE.ORG link : CVE-2022-36800


JSON object : View

Products Affected

atlassian

  • jira_service_management
CWE
NVD-CWE-noinfo CWE-732

Incorrect Permission Assignment for Critical Resource