CVE-2022-36800
Summary
| CVE | CVE-2022-36800 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-03 03:15:00 UTC |
| Updated | 2023-08-08 14:22:00 UTC |
| Description | Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Atlassian | Jira Service Management | All | All | All | All |
| Application | Atlassian | Jira Service Management | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Log in with Atlassian account | MISC | jira.atlassian.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 730588 Atlassian Jira Service Management Server and Data Center Browse Users Vulnerability (JSDSERVER-11900)