CVE-2022-36803

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox.
References
Link Resource
https://jira.atlassian.com/browse/JIRAALIGN-4281 Permissions Required Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:atlassian:jira_align:*:*:*:*:*:*:*:*

History

17 Oct 2022, 15:11

Type Values Removed Values Added
CWE CWE-276
References (MISC) https://jira.atlassian.com/browse/JIRAALIGN-4281 - (MISC) https://jira.atlassian.com/browse/JIRAALIGN-4281 - Permissions Required, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:atlassian:jira_align:*:*:*:*:*:*:*:*

14 Oct 2022, 06:23

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-14 04:15

Updated : 2024-10-02 15:35


NVD link : CVE-2022-36803

Mitre link : CVE-2022-36803

CVE.ORG link : CVE-2022-36803


JSON object : View

Products Affected

atlassian

  • jira_align
CWE
CWE-276

Incorrect Default Permissions