-
Public Security Vulnerability
-
Resolution: Fixed
-
Low
-
4.22.1
-
None
-
3.5
-
Medium
-
CVE-2022-36800
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint.
The affected versions are before version 4.22.2.
Affected versions:
- version < 4.22.2
Fixed versions:
- 4.22.2
- mentioned in
-
Page Failed to load
[JSDSERVER-11900] User without "Browse Users" permission can view groups - CVE-2022-36800
Remote Link | New: This issue links to "Page (Confluence)" [ 733525 ] |
CVE ID | New: CVE-2022-36800 |
Resolution | New: Fixed [ 1 ] | |
Security | Original: Atlassian Staff [ 10750 ] | |
Status | Original: Draft [ 12872 ] | New: Published [ 12873 ] |
Summary | Original: User without "Browse Users" permission can view groups - CVE registration for this issue is already in progress | New: User without "Browse Users" permission can view groups - CVE-2022-36800 |
Description |
Original:
Affected versions of Atlassian Jira Service Management Server allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the _browsegroups.action_ endpoint.
The affected versions are before version 4.22.2. *Affected versions:* * version < 4.22.2 *Fixed versions:* * 4.22.2 |
New:
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the _browsegroups.action_ endpoint.
The affected versions are before version 4.22.2. *Affected versions:* * version < 4.22.2 *Fixed versions:* * 4.22.2 |
Labels | Original: advisory advisory-to-release dont-import security | New: advisory advisory-to-release dont-import security 🔢✅ |
Description |
Original:
Affected versions of Atlassian Jira Service Management Server allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the _browsegroups.action_ endpoint.
The affected versions are before version 4.22.2. *{*}Affected versions:{*}* * version < 4.22.2 *{*}Fixed versions:{*}* * 4.22.2 |
New:
Affected versions of Atlassian Jira Service Management Server allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the _browsegroups.action_ endpoint.
The affected versions are before version 4.22.2. *Affected versions:* * version < 4.22.2 *Fixed versions:* * 4.22.2 |
Howdi team,
any update or details on fix and vulnerability for LTS versions?