-
Public Security Vulnerability
-
Resolution: Fixed
-
Low
-
10.107.4
-
None
-
6.5
-
Medium
-
CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align before version 10.109.2 allows an authenticated attacker with the People role permission can use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox.
Affected versions:
- version < 10.109.2
Fixed versions:
- 10.109.2
Form Name |
---|
This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 6.5 => Medium severity
Exploitability Metrics
Scope Metric
Impact Metrics
https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N