{"api_version":"1","generated_at":"2026-04-23T02:36:25+00:00","cve":"CVE-2022-36800","urls":{"html":"https://cve.report/CVE-2022-36800","api":"https://cve.report/api/cve/CVE-2022-36800.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-36800","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-36800"},"summary":{"title":"CVE-2022-36800","description":"Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the \"Browse Users\" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.","state":"PUBLIC","assigner":"security@atlassian.com","published_at":"2022-08-03 03:15:00","updated_at":"2023-08-08 14:22:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://jira.atlassian.com/browse/JSDSERVER-11900","name":"https://jira.atlassian.com/browse/JSDSERVER-11900","refsource":"MISC","tags":[],"title":"Log in with Atlassian account","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-36800","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36800","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"36800","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"atlassian","cpe5":"jira_service_management","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"data_center","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"36800","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"atlassian","cpe5":"jira_service_management","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"server","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-36800","qid":"730588","title":"Atlassian Jira Service Management Server and Data Center Browse Users Vulnerability (JSDSERVER-11900)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@atlassian.com","DATE_PUBLIC":"2022-08-03T00:00:00","ID":"CVE-2022-36800","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Jira Service Management Server","version":{"version_data":[{"version_value":"4.22.2","version_affected":"<"}]}},{"product_name":"Jira Service Management Data Center","version":{"version_data":[{"version_value":"4.22.2","version_affected":"<"}]}}]},"vendor_name":"Atlassian"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the \"Browse Users\" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information Disclosure"}]}]},"references":{"reference_data":[{"url":"https://jira.atlassian.com/browse/JSDSERVER-11900","refsource":"MISC","name":"https://jira.atlassian.com/browse/JSDSERVER-11900"}]}},"nvd":{"publishedDate":"2022-08-03 03:15:00","lastModifiedDate":"2023-08-08 14:22:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*","versionEndExcluding":"4.22.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*","versionEndExcluding":"4.22.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}