CVE-2022-0540
Published on: Not Yet Published
Last Modified on: 08/08/2023 02:22:00 PM UTC
Certain versions of Jira Core from Atlassian contain the following vulnerability:
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
- CVE-2022-0540 has been assigned by securit[email protected] to track the vulnerability - currently rated as CRITICAL severity.
CVSS3 Score: 9.8 - CRITICAL
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.8 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags | Link |
---|---|---|
[JSDSERVER-11224] Authentication Bypass in Jira Seraph - CVE-2022-0540 - Create and track feature requests for Atlassian products. | jira.atlassian.com text/html | |
Jira Security Advisory 2022-04-20 | Atlassian Support | Atlassian Documentation | confluence.atlassian.com text/html | |
[JRASERVER-73650] Authentication Bypass in Jira Seraph - CVE-2022-0540 - Create and track feature requests for Atlassian products. | jira.atlassian.com text/html | |
Related QID Numbers
Exploit/POC from Github
Atlassian Jira Seraph Authentication Bypass RCE(CVE-2022-0540)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Atlassian | Jira Core | All | All | All | All |
Application | Atlassian | Jira Data Center | All | All | All | All |
Application | Atlassian | Jira Server | All | All | All | All |
Application | Atlassian | Jira Service Management | All | All | All | All |
Application | Atlassian | Jira Service Management | All | All | All | All |
- cpe:2.3:a:atlassian:jira_core:*:*:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*:
- cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*:
No vendor comments have been submitted for this CVE