Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-11900

User without "Browse Users" permission can view groups - CVE-2022-36800

XMLWordPrintable

    • 3.5
    • Medium
    • CVE-2022-36800

      Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint.

      The affected versions are before version 4.22.2.

      Affected versions:

      • version < 4.22.2

      Fixed versions:

      • 4.22.2

            Unassigned Unassigned
            security-metrics-bot Security Metrics Bot
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: