Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 8.13.20, 8.20.8, 8.22.2
Affects Version/s: 8.13.0, 8.20.0
Component/s: Security
Labels:
None

Introduced in Version:
8.13
Support reference count:
0
Symptom Severity:
Severity 3 - Minor
UIS:
25
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

This issue stands as a place holder to track the progress of resolving the issue described at FAQ for CVE-2022-22965.

As part of normal security practice, we do not disclose security issues until they are fully resolved in our products so as to mitigate the risk to our customers. In this case the broader security concern was raised publicly by a third party, so broad stroke information about the issue is already available.

We cannot disclose particular details of the issue, and the FAQ for CVE-2022-22965 remains the single source of truth. Once this issue is resolved, we will update this issue to point to the security disclosure issue with additional detail.

UPDATE

We’ve released these new versions with an upgraded version of Tomcat which also serves to mitigate this issue:

Attachments

Issue Links

is cloned from

CONFSERVER-78586 Tracking Resolution of Issue Described in FAQ for CVE-2022-22965

Closed

is related to

JRASERVER-73773 Upgrade Tomcat to version 8.5.78 - CVE-2022-22965 (Spring Framework RCE)

Closed

relates to

JPOSERVER-4353 Upgrade an external library to fix the vulnerability CVE-2022-22965

Closed

is blocked by: VULN-732672 Loading...

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...

(3 mentioned in)

Activity

People

Assignee:: Unassigned

Reporter:: Daniel R

Votes:: 6 Vote for this issue

Watchers:: 22 Start watching this issue

Dates

Created:: 11/May/2022 6:54 PM

Updated:: 11/Sep/2023 6:29 PM

Resolved:: 23/Jun/2022 11:35 PM