Uploaded image for project: 'Jira Align'
  1. Jira Align
  2. JIRAALIGN-4326

Jira Align - SSRF in ManageJiraConnectors API - CVE-2022-36802

XMLWordPrintable

    • 8.7
    • High
    • CVE-2022-36802

      The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request. ++ This vulnerability was reported by Jacob Shafer from Bishop Fox.

      Affected versions:

      • version < 10.109.2

      Fixed versions:

      • 10.109.2

          Form Name

            [JIRAALIGN-4326] Jira Align - SSRF in ManageJiraConnectors API - CVE-2022-36802

            Security Metrics Bot made changes -
            CVE ID New: CVE-2022-36802
            Prerana Shenoy made changes -
            Description Original: There was a *Server-Side Request Forgery* vulnerability in Jira Align via the ManageJiraConnectors API. An attacker with permission to specify an AWS metadata endpoint in a user-supplied parameter is able to exploit this issue to return the AWS credentials of the service account that deployed the instance of Jira Align.
            The affected versions are before version 10.109.2.

            *Affected versions:*
             * version < 10.109.2

            *Fixed versions:*
             * 10.109.2             		New: The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request. ++ This vulnerability was reported by Jacob Shafer from Bishop Fox.

            *Affected versions:*
             * version < 10.109.2

            *Fixed versions:*
             * 10.109.2
            Prerana Shenoy made changes -
            Summary Original: Jira Align - SSRF in ManageJiraConnectors API New: Jira Align - SSRF in ManageJiraConnectors API - CVE-2022-36802
            Prerana Shenoy made changes -
            Resolution New: Fixed [ 1 ]
            Security Original: Atlassian Staff [ 10750 ]
            Status Original: Draft [ 12872 ] New: Published [ 12873 ]
            Prerana Shenoy made changes -
            Labels Original: advisory advisory-to-release dont-import security 🔢✅ New: advisory advisory-released dont-import security 🔢✅
            Prerana Shenoy made changes -
            Summary Original: An Atlassian product has a security vulnerability. New: Jira Align - SSRF in ManageJiraConnectors API
            Prerana Shenoy made changes -
            Description Original:
            This vulnerability affects certain versions of Atlassian Jira Align. Please describe the impact of the vulnerability here. No known vulnerability could be read off of the parent.
            The affected versions are before version 10.109.2.

            *Affected versions:*

             * version < 10.109.2

            *Fixed versions:*

             * 10.109.2

            		 New: There was a *Server-Side Request Forgery* vulnerability in Jira Align via the ManageJiraConnectors API. An attacker with permission to specify an AWS metadata endpoint in a user-supplied parameter is able to exploit this issue to return the AWS credentials of the service account that deployed the instance of Jira Align.
            The affected versions are before version 10.109.2.

            *Affected versions:*
             * version < 10.109.2

            *Fixed versions:*
             * 10.109.2
            Security Metrics Bot made changes -
            Labels Original: advisory advisory-to-release dont-import security New: advisory advisory-to-release dont-import security 🔢✅

            Security Metrics Bot added a comment -

            This is an independent assessment and you should evaluate its applicability to your own IT environment.

            CVSS v3 score: 8.7 => High severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity Low
            Privileges Required High
            User Interaction None

            Scope Metric

            Scope Changed

            Impact Metrics

            Confidentiality High
            Integrity High
            Availability None

            https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

            Security Metrics Bot added a comment - This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 8.7 => High severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required High User Interaction None Scope Metric Scope Changed Impact Metrics Confidentiality High Integrity High Availability None https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
            Security Metrics Bot made changes -
            Labels New: advisory advisory-to-release dont-import security

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: