Loading...

XML

Word

Printable

Details

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 4.22.2
Affects Version/s: 4.22.1
Component/s: None
Labels:

CVSS Score:
3.5
CVSS Severity:
Medium
CVE ID:
CVE-2022-36800

Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint.

The affected versions are before version 4.22.2.

Affected versions:

version < 4.22.2

Fixed versions:

4.22.2

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 27/Jul/2022 1:53 AM

Updated:: 21/Feb/2023 3:41 PM

Resolved:: 03/Aug/2022 4:12 AM

User without "Browse Users" permission can view groups - CVE-2022-36800