CVE-2022-0540

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
References
Link Resource
https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20 Issue Tracking Patch Vendor Advisory
https://jira.atlassian.com/browse/JSDSERVER-11224 Issue Tracking Patch Vendor Advisory
https://jira.atlassian.com/browse/JRASERVER-73650 Issue Tracking Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*

History

10 Jun 2022, 14:49

Type Values Removed Values Added
CPE cpe:2.3:a:atlassian:jira_core:*:*:*:*:*:*:*:*

28 Apr 2022, 16:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 9.8
CWE CWE-287
References (MISC) https://jira.atlassian.com/browse/JRASERVER-73650 - (MISC) https://jira.atlassian.com/browse/JRASERVER-73650 - Issue Tracking, Patch, Vendor Advisory
References (MISC) https://jira.atlassian.com/browse/JSDSERVER-11224 - (MISC) https://jira.atlassian.com/browse/JSDSERVER-11224 - Issue Tracking, Patch, Vendor Advisory
References (MISC) https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20 - (MISC) https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20 - Issue Tracking, Patch, Vendor Advisory
First Time Atlassian jira Server
Atlassian jira Core
Atlassian
Atlassian jira Service Management
Atlassian jira Data Center
CPE cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
cpe:2.3:a:atlassian:jira_core:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

20 Apr 2022, 19:20

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-20 19:15

Updated : 2022-06-10 14:49


NVD link : CVE-2022-0540

Mitre link : CVE-2022-0540


JSON object : View

Products Affected

atlassian

  • jira_server
  • jira_data_center
  • jira_service_management
CWE
CWE-287

Improper Authentication