Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-36800

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.

Published

2022-08-03T03:15:08.460

Last Modified

2024-11-21T07:13:47.177

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	atlassian	jira_service_management	< 4.22.2	Yes
Application	atlassian	jira_service_management	< 4.22.2	Yes

References

https://jira.atlassian.com/browse/JSDSERVER-11900 Issue Tracking, Vendor Advisory ([email protected])
https://jira.atlassian.com/browse/JSDSERVER-11900 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)