Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-36803

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox.

Published

2022-10-14T04:15:13.807

Last Modified

2024-11-21T07:13:48.387

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-276
Type: Secondary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	atlassian	jira_align	< 10.109.2	Yes

References

https://jira.atlassian.com/browse/JIRAALIGN-4281 Permissions Required, Vendor Advisory ([email protected])
https://jira.atlassian.com/browse/JIRAALIGN-4281 Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)