CVE-2022-26136 (GCVE-0-2022-26136)
Vulnerability from cvelistv5 – Published: 2022-07-20 17:25 – Updated: 2024-10-03 16:43
VLAI
Summary
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://jira.atlassian.com/browse/BAM-21795 | x_refsource_MISC |
| https://jira.atlassian.com/browse/BSERV-13370 | x_refsource_MISC |
| https://jira.atlassian.com/browse/CONFSERVER-79476 | x_refsource_MISC |
| https://jira.atlassian.com/browse/CWD-5815 | x_refsource_MISC |
| https://jira.atlassian.com/browse/FE-7410 | x_refsource_MISC |
| https://jira.atlassian.com/browse/CRUC-8541 | x_refsource_MISC |
| https://jira.atlassian.com/browse/JRASERVER-73897 | x_refsource_MISC |
| https://jira.atlassian.com/browse/JSDSERVER-11863 | x_refsource_MISC |
Impacted products
32 products
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Bamboo Server |
Affected:
unspecified , < 8.0.9
(custom)
Affected: 8.1.0 , < unspecified (custom) Affected: unspecified , < 8.1.8 (custom) Affected: 8.2.0 , < unspecified (custom) Affected: unspecified , < 8.2.4 (custom) |
|
| Atlassian | Bamboo Data Center |
Affected:
unspecified , < 8.0.9
(custom)
Affected: 8.1.0 , < unspecified (custom) Affected: unspecified , < 8.1.8 (custom) Affected: 8.2.0 , < unspecified (custom) Affected: unspecified , < 8.2.4 (custom) |
|
| Atlassian | Bitbucket Server |
Affected:
unspecified , < 7.6.16
(custom)
Affected: 7.7.0 , < unspecified (custom) Affected: 7.16.0 , < unspecified (custom) Affected: unspecified , < 7.17.8 (custom) Affected: 7.18.0 , < unspecified (custom) Affected: unspecified , < 7.19.5 (custom) Affected: 7.20.0 , < unspecified (custom) Affected: unspecified , < 7.20.2 (custom) Affected: 7.21.0 , < unspecified (custom) Affected: unspecified , < 7.21.2 (custom) Affected: 8.0.0 Affected: 8.1.0 |
|
| Atlassian | Bitbucket Data Center |
Affected:
unspecified , < 7.6.16
(custom)
Affected: 7.7.0 , < unspecified (custom) Affected: 7.16.0 , < unspecified (custom) Affected: unspecified , < 7.17.8 (custom) Affected: 7.18.0 , < unspecified (custom) Affected: unspecified , < 7.19.5 (custom) Affected: 7.20.0 , < unspecified (custom) Affected: unspecified , < 7.20.2 (custom) Affected: 7.21.0 , < unspecified (custom) Affected: unspecified , < 7.21.2 (custom) Affected: 8.0.0 Affected: 8.1.0 |
|
| Atlassian | Confluence Server |
Affected:
unspecified , < 7.4.17
(custom)
Affected: 7.5.0 , < unspecified (custom) Affected: unspecified , < 7.13.7 (custom) Affected: 7.14.0 , < unspecified (custom) Affected: unspecified , < 7.14.3 (custom) Affected: 7.15.0 , < unspecified (custom) Affected: unspecified , < 7.15.2 (custom) Affected: 7.16.0 , < unspecified (custom) Affected: unspecified , < 7.16.4 (custom) Affected: 7.17.0 , < unspecified (custom) Affected: unspecified , < 7.17.4 (custom) Affected: 7.18.0 |
|
| Atlassian | Confluence Data Center |
Affected:
unspecified , < 7.4.17
(custom)
Affected: 7.5.0 , < unspecified (custom) Affected: unspecified , < 7.13.7 (custom) Affected: 7.14.0 , < unspecified (custom) Affected: unspecified , < 7.14.3 (custom) Affected: 7.15.0 , < unspecified (custom) Affected: unspecified , < 7.15.2 (custom) Affected: 7.16.0 , < unspecified (custom) Affected: unspecified , < 7.16.4 (custom) Affected: 7.17.0 , < unspecified (custom) Affected: unspecified , < 7.17.4 (custom) Affected: 7.18.0 |
|
| Atlassian | Crowd Server |
Affected:
unspecified , < 4.3.8
(custom)
Affected: 4.4.0 , < unspecified (custom) Affected: unspecified , < 4.4.2 (custom) Affected: 5.0.0 |
|
| Atlassian | Crowd Data Center |
Affected:
unspecified , < 4.3.8
(custom)
Affected: 4.4.0 , < unspecified (custom) Affected: unspecified , < 4.4.2 (custom) Affected: 5.0.0 |
|
| Atlassian | Crucible |
Affected:
unspecified , < 4.8.10
(custom)
|
|
| Atlassian | Fisheye |
Affected:
unspecified , < 4.8.10
(custom)
|
|
| Atlassian | Jira Core Server |
Affected:
unspecified , < 8.13.22
(custom)
Affected: 8.14.0 , < unspecified (custom) Affected: unspecified , < 8.20.10 (custom) Affected: 8.21.0 , < unspecified (custom) Affected: unspecified , < 8.22.4 (custom) |
|
| Atlassian | Jira Software Server |
Affected:
unspecified , < 8.13.22
(custom)
Affected: 8.14.0 , < unspecified (custom) Affected: unspecified , < 8.20.10 (custom) Affected: 8.21.0 , < unspecified (custom) Affected: unspecified , < 8.22.4 (custom) |
|
| Atlassian | Jira Software Data Center |
Affected:
unspecified , < 8.13.22
(custom)
Affected: 8.14.0 , < unspecified (custom) Affected: unspecified , < 8.20.10 (custom) Affected: 8.21.0 , < unspecified (custom) Affected: unspecified , < 8.22.4 (custom) |
|
| Atlassian | Jira Service Management Server |
Affected:
unspecified , < 4.13.22
(custom)
Affected: 4.14.0 , < unspecified (custom) Affected: unspecified , < 4.20.10 (custom) Affected: 4.21.0 , < unspecified (custom) Affected: unspecified , < 4.22.4 (custom) |
|
| Atlassian | Jira Service Management Data Center |
Affected:
unspecified , < 4.13.22
(custom)
Affected: 4.14.0 , < unspecified (custom) Affected: unspecified , < 4.20.10 (custom) Affected: 4.21.0 , < unspecified (custom) Affected: unspecified , < 4.22.4 (custom) |
|
| atlassian | bamboo |
Affected:
7.2.0 , < 7.2.10
(custom)
Affected: 8.0.0 , < 8.0.9 (custom) Affected: 8.1.0 , < 8.1.8 (custom) Affected: 8.2.0 , < 8.2.4 (custom) cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:* |
|
| atlassian | bitbucket |
Affected:
0 , < 7.6.16
(custom)
Affected: 7.7.0 , < 7.17.8 (custom) Affected: 7.18.0 , < 7.19.5 (custom) Affected: 7.20.0 , < 7.20.2 (custom) Affected: 7.21.0 , < 7.21.2 (custom) cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:* |
|
| atlassian | bitbucket |
Affected:
8.0.0
Affected: 8.1.0 cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:* |
|
| atlassian | confluence_data_center |
Affected:
0 , < 7.4.17
(custom)
Affected: 7.5.0 , < 7.13.7 (custom) Affected: 7.14.0 , < 7.14.3 (custom) Affected: 7.15.0 , < 7.15.2 (custom) Affected: 7.16.0 , < 7.16.4 (custom) Affected: 7.17.0 , < 7.17.4 (custom) cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* |
|
| atlassian | confluence_data_center |
Affected:
7.18.0
cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:* |
|
| atlassian | confluence_server |
Affected:
0 , < 7.4.17
(custom)
Affected: 7.5.0 , < 7.13.7 (custom) Affected: 7.14.0 , < 7.14.3 (custom) Affected: 7.15.0 , < 7.15.2 (custom) Affected: 7.16.0 , < 7.16.4 (custom) Affected: 7.17.0 , < 7.17.4 (custom) cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:* |
|
| atlassian | confluence_server |
Affected:
7.18.0
cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:* |
|
| atlassian | crowd |
Affected:
0 , < 4.3.8
(custom)
Affected: 4.4.0 , < 4.4.2 (custom) cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:* |
|
| atlassian | crowd |
Affected:
5.0.0
cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:* |
|
| atlassian | crucible |
Affected:
0 , < 4.8.10
(custom)
cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:* |
|
| atlassian | fisheye |
Affected:
0 , < 4.8.10
(custom)
cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:* |
|
| atlassian | jira_data_center |
Affected:
8.13.0 , < 8.13.22
(custom)
Affected: 8.14.0 , < 8.20.10 (custom) Affected: 8.21.0 , < 8.22.4 (custom) cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* |
|
| atlassian | jira_server |
Affected:
8.13.0 , < 8.13.22
(custom)
Affected: 8.14.0 , < 8.20.10 (custom) Affected: 8.21.0 , < 8.22.4 (custom) cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* |
|
| atlassian | jira_service_desk |
Affected:
0 , < 4.13.22
(custom)
cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:* |
|
| atlassian | jira_service_desk |
Affected:
0 , < 4.13.22
(custom)
cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:* |
|
| atlassian | jira_service_management |
Affected:
4.14.0 , < 4.20.10
(custom)
Affected: 4.21.0 , < 4.22.4 (custom) cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:* |
|
| atlassian | jira_service_management |
Affected:
4.14.0 , < 4.20.10
(custom)
Affected: 4.21.0 , < 4.22.4 (custom) cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:* |
Date Public
2022-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.592Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/BAM-21795"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/BSERV-13370"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CWD-5815"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/FE-7410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/CRUC-8541"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/JRASERVER-73897"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bamboo",
"vendor": "atlassian",
"versions": [
{
"lessThan": "7.2.10",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
},
{
"lessThan": "8.0.9",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
},
{
"lessThan": "8.1.8",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"lessThan": "8.2.4",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bitbucket",
"vendor": "atlassian",
"versions": [
{
"lessThan": "7.6.16",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.17.8",
"status": "affected",
"version": "7.7.0",
"versionType": "custom"
},
{
"lessThan": "7.19.5",
"status": "affected",
"version": "7.18.0",
"versionType": "custom"
},
{
"lessThan": "7.20.2",
"status": "affected",
"version": "7.20.0",
"versionType": "custom"
},
{
"lessThan": "7.21.2",
"status": "affected",
"version": "7.21.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bitbucket",
"vendor": "atlassian",
"versions": [
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "confluence_data_center",
"vendor": "atlassian",
"versions": [
{
"lessThan": "7.4.17",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.13.7",
"status": "affected",
"version": "7.5.0",
"versionType": "custom"
},
{
"lessThan": "7.14.3",
"status": "affected",
"version": "7.14.0",
"versionType": "custom"
},
{
"lessThan": "7.15.2",
"status": "affected",
"version": "7.15.0",
"versionType": "custom"
},
{
"lessThan": "7.16.4",
"status": "affected",
"version": "7.16.0",
"versionType": "custom"
},
{
"lessThan": "7.17.4",
"status": "affected",
"version": "7.17.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "confluence_data_center",
"vendor": "atlassian",
"versions": [
{
"status": "affected",
"version": "7.18.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "confluence_server",
"vendor": "atlassian",
"versions": [
{
"lessThan": "7.4.17",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.13.7",
"status": "affected",
"version": "7.5.0",
"versionType": "custom"
},
{
"lessThan": "7.14.3",
"status": "affected",
"version": "7.14.0",
"versionType": "custom"
},
{
"lessThan": "7.15.2",
"status": "affected",
"version": "7.15.0",
"versionType": "custom"
},
{
"lessThan": "7.16.4",
"status": "affected",
"version": "7.16.0",
"versionType": "custom"
},
{
"lessThan": "7.17.4",
"status": "affected",
"version": "7.17.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "confluence_server",
"vendor": "atlassian",
"versions": [
{
"status": "affected",
"version": "7.18.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "crowd",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.3.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.4.2",
"status": "affected",
"version": "4.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "crowd",
"vendor": "atlassian",
"versions": [
{
"status": "affected",
"version": "5.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "crucible",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.8.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fisheye",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.8.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jira_data_center",
"vendor": "atlassian",
"versions": [
{
"lessThan": "8.13.22",
"status": "affected",
"version": "8.13.0",
"versionType": "custom"
},
{
"lessThan": "8.20.10",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
},
{
"lessThan": "8.22.4",
"status": "affected",
"version": "8.21.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jira_server",
"vendor": "atlassian",
"versions": [
{
"lessThan": "8.13.22",
"status": "affected",
"version": "8.13.0",
"versionType": "custom"
},
{
"lessThan": "8.20.10",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
},
{
"lessThan": "8.22.4",
"status": "affected",
"version": "8.21.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
],
"defaultStatus": "unknown",
"product": "jira_service_desk",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.13.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
],
"defaultStatus": "unknown",
"product": "jira_service_desk",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.13.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
],
"defaultStatus": "unknown",
"product": "jira_service_management",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.20.10",
"status": "affected",
"version": "4.14.0",
"versionType": "custom"
},
{
"lessThan": "4.22.4",
"status": "affected",
"version": "4.21.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
],
"defaultStatus": "unknown",
"product": "jira_service_management",
"vendor": "atlassian",
"versions": [
{
"lessThan": "4.20.10",
"status": "affected",
"version": "4.14.0",
"versionType": "custom"
},
{
"lessThan": "4.22.4",
"status": "affected",
"version": "4.21.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-26136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T15:26:49.090400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T16:43:16.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Bamboo Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"lessThan": "8.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"lessThan": "8.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Bamboo Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"lessThan": "8.1.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"lessThan": "8.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Bitbucket Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "7.6.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.7.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.16.0",
"versionType": "custom"
},
{
"lessThan": "7.17.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.18.0",
"versionType": "custom"
},
{
"lessThan": "7.19.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.20.0",
"versionType": "custom"
},
{
"lessThan": "7.20.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.21.0",
"versionType": "custom"
},
{
"lessThan": "7.21.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.1.0"
}
]
},
{
"product": "Bitbucket Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "7.6.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.7.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.16.0",
"versionType": "custom"
},
{
"lessThan": "7.17.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.18.0",
"versionType": "custom"
},
{
"lessThan": "7.19.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.20.0",
"versionType": "custom"
},
{
"lessThan": "7.20.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.21.0",
"versionType": "custom"
},
{
"lessThan": "7.21.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.1.0"
}
]
},
{
"product": "Confluence Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "7.4.17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.5.0",
"versionType": "custom"
},
{
"lessThan": "7.13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.14.0",
"versionType": "custom"
},
{
"lessThan": "7.14.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.15.0",
"versionType": "custom"
},
{
"lessThan": "7.15.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.16.0",
"versionType": "custom"
},
{
"lessThan": "7.16.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.17.0",
"versionType": "custom"
},
{
"lessThan": "7.17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.18.0"
}
]
},
{
"product": "Confluence Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "7.4.17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.5.0",
"versionType": "custom"
},
{
"lessThan": "7.13.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.14.0",
"versionType": "custom"
},
{
"lessThan": "7.14.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.15.0",
"versionType": "custom"
},
{
"lessThan": "7.15.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.16.0",
"versionType": "custom"
},
{
"lessThan": "7.16.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "7.17.0",
"versionType": "custom"
},
{
"lessThan": "7.17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.18.0"
}
]
},
{
"product": "Crowd Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "4.3.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.4.0",
"versionType": "custom"
},
{
"lessThan": "4.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "5.0.0"
}
]
},
{
"product": "Crowd Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "4.3.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.4.0",
"versionType": "custom"
},
{
"lessThan": "4.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "5.0.0"
}
]
},
{
"product": "Crucible",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "4.8.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Fisheye",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "4.8.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Jira Core Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.13.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
},
{
"lessThan": "8.20.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.21.0",
"versionType": "custom"
},
{
"lessThan": "8.22.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Jira Software Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.13.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
},
{
"lessThan": "8.20.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.21.0",
"versionType": "custom"
},
{
"lessThan": "8.22.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Jira Software Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.13.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
},
{
"lessThan": "8.20.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.21.0",
"versionType": "custom"
},
{
"lessThan": "8.22.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Jira Service Management Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "4.13.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.14.0",
"versionType": "custom"
},
{
"lessThan": "4.20.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.21.0",
"versionType": "custom"
},
{
"lessThan": "4.22.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Jira Service Management Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "4.13.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.14.0",
"versionType": "custom"
},
{
"lessThan": "4.20.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.21.0",
"versionType": "custom"
},
{
"lessThan": "4.22.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-180",
"description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T17:25:18.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/BAM-21795"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/BSERV-13370"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CWD-5815"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/FE-7410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/CRUC-8541"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/JRASERVER-73897"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2022-07-20T00:00:00",
"ID": "CVE-2022-26136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bamboo Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.0.9"
},
{
"version_affected": "\u003e=",
"version_value": "8.1.0"
},
{
"version_affected": "\u003c",
"version_value": "8.1.8"
},
{
"version_affected": "\u003e=",
"version_value": "8.2.0"
},
{
"version_affected": "\u003c",
"version_value": "8.2.4"
}
]
}
},
{
"product_name": "Bamboo Data Center",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.0.9"
},
{
"version_affected": "\u003e=",
"version_value": "8.1.0"
},
{
"version_affected": "\u003c",
"version_value": "8.1.8"
},
{
"version_affected": "\u003e=",
"version_value": "8.2.0"
},
{
"version_affected": "\u003c",
"version_value": "8.2.4"
}
]
}
},
{
"product_name": "Bitbucket Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.6.16"
},
{
"version_affected": "\u003e=",
"version_value": "7.7.0"
},
{
"version_affected": "\u003e=",
"version_value": "7.16.0"
},
{
"version_affected": "\u003c",
"version_value": "7.17.8"
},
{
"version_affected": "\u003e=",
"version_value": "7.18.0"
},
{
"version_affected": "\u003c",
"version_value": "7.19.5"
},
{
"version_affected": "\u003e=",
"version_value": "7.20.0"
},
{
"version_affected": "\u003c",
"version_value": "7.20.2"
},
{
"version_affected": "\u003e=",
"version_value": "7.21.0"
},
{
"version_affected": "\u003c",
"version_value": "7.21.2"
},
{
"version_affected": "=",
"version_value": "8.0.0"
},
{
"version_affected": "=",
"version_value": "8.1.0"
}
]
}
},
{
"product_name": "Bitbucket Data Center",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.6.16"
},
{
"version_affected": "\u003e=",
"version_value": "7.7.0"
},
{
"version_affected": "\u003e=",
"version_value": "7.16.0"
},
{
"version_affected": "\u003c",
"version_value": "7.17.8"
},
{
"version_affected": "\u003e=",
"version_value": "7.18.0"
},
{
"version_affected": "\u003c",
"version_value": "7.19.5"
},
{
"version_affected": "\u003e=",
"version_value": "7.20.0"
},
{
"version_affected": "\u003c",
"version_value": "7.20.2"
},
{
"version_affected": "\u003e=",
"version_value": "7.21.0"
},
{
"version_affected": "\u003c",
"version_value": "7.21.2"
},
{
"version_affected": "=",
"version_value": "8.0.0"
},
{
"version_affected": "=",
"version_value": "8.1.0"
}
]
}
},
{
"product_name": "Confluence Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.4.17"
},
{
"version_affected": "\u003e=",
"version_value": "7.5.0"
},
{
"version_affected": "\u003c",
"version_value": "7.13.7"
},
{
"version_affected": "\u003e=",
"version_value": "7.14.0"
},
{
"version_affected": "\u003c",
"version_value": "7.14.3"
},
{
"version_affected": "\u003e=",
"version_value": "7.15.0"
},
{
"version_affected": "\u003c",
"version_value": "7.15.2"
},
{
"version_affected": "\u003e=",
"version_value": "7.16.0"
},
{
"version_affected": "\u003c",
"version_value": "7.16.4"
},
{
"version_affected": "\u003e=",
"version_value": "7.17.0"
},
{
"version_affected": "\u003c",
"version_value": "7.17.4"
},
{
"version_affected": "=",
"version_value": "7.18.0"
}
]
}
},
{
"product_name": "Confluence Data Center",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.4.17"
},
{
"version_affected": "\u003e=",
"version_value": "7.5.0"
},
{
"version_affected": "\u003c",
"version_value": "7.13.7"
},
{
"version_affected": "\u003e=",
"version_value": "7.14.0"
},
{
"version_affected": "\u003c",
"version_value": "7.14.3"
},
{
"version_affected": "\u003e=",
"version_value": "7.15.0"
},
{
"version_affected": "\u003c",
"version_value": "7.15.2"
},
{
"version_affected": "\u003e=",
"version_value": "7.16.0"
},
{
"version_affected": "\u003c",
"version_value": "7.16.4"
},
{
"version_affected": "\u003e=",
"version_value": "7.17.0"
},
{
"version_affected": "\u003c",
"version_value": "7.17.4"
},
{
"version_affected": "=",
"version_value": "7.18.0"
}
]
}
},
{
"product_name": "Crowd Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.3.8"
},
{
"version_affected": "\u003e=",
"version_value": "4.4.0"
},
{
"version_affected": "\u003c",
"version_value": "4.4.2"
},
{
"version_affected": "=",
"version_value": "5.0.0"
}
]
}
},
{
"product_name": "Crowd Data Center",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.3.8"
},
{
"version_affected": "\u003e=",
"version_value": "4.4.0"
},
{
"version_affected": "\u003c",
"version_value": "4.4.2"
},
{
"version_affected": "=",
"version_value": "5.0.0"
}
]
}
},
{
"product_name": "Crucible",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.8.10"
}
]
}
},
{
"product_name": "Fisheye",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.8.10"
}
]
}
},
{
"product_name": "Jira Core Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.13.22"
},
{
"version_affected": "\u003e=",
"version_value": "8.14.0"
},
{
"version_affected": "\u003c",
"version_value": "8.20.10"
},
{
"version_affected": "\u003e=",
"version_value": "8.21.0"
},
{
"version_affected": "\u003c",
"version_value": "8.22.4"
}
]
}
},
{
"product_name": "Jira Software Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.13.22"
},
{
"version_affected": "\u003e=",
"version_value": "8.14.0"
},
{
"version_affected": "\u003c",
"version_value": "8.20.10"
},
{
"version_affected": "\u003e=",
"version_value": "8.21.0"
},
{
"version_affected": "\u003c",
"version_value": "8.22.4"
}
]
}
},
{
"product_name": "Jira Software Data Center",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.13.22"
},
{
"version_affected": "\u003e=",
"version_value": "8.14.0"
},
{
"version_affected": "\u003c",
"version_value": "8.20.10"
},
{
"version_affected": "\u003e=",
"version_value": "8.21.0"
},
{
"version_affected": "\u003c",
"version_value": "8.22.4"
}
]
}
},
{
"product_name": "Jira Service Management Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.13.22"
},
{
"version_affected": "\u003e=",
"version_value": "4.14.0"
},
{
"version_affected": "\u003c",
"version_value": "4.20.10"
},
{
"version_affected": "\u003e=",
"version_value": "4.21.0"
},
{
"version_affected": "\u003c",
"version_value": "4.22.4"
}
]
}
},
{
"product_name": "Jira Service Management Data Center",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.13.22"
},
{
"version_affected": "\u003e=",
"version_value": "4.14.0"
},
{
"version_affected": "\u003c",
"version_value": "4.20.10"
},
{
"version_affected": "\u003e=",
"version_value": "4.21.0"
},
{
"version_affected": "\u003c",
"version_value": "4.22.4"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/BAM-21795",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/BAM-21795"
},
{
"name": "https://jira.atlassian.com/browse/BSERV-13370",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/BSERV-13370"
},
{
"name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
},
{
"name": "https://jira.atlassian.com/browse/CWD-5815",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CWD-5815"
},
{
"name": "https://jira.atlassian.com/browse/FE-7410",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/FE-7410"
},
{
"name": "https://jira.atlassian.com/browse/CRUC-8541",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8541"
},
{
"name": "https://jira.atlassian.com/browse/JRASERVER-73897",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/JRASERVER-73897"
},
{
"name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2022-26136",
"datePublished": "2022-07-20T17:25:18.803Z",
"dateReserved": "2022-02-25T00:00:00.000Z",
"dateUpdated": "2024-10-03T16:43:16.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-26136",
"date": "2026-06-26",
"epss": "0.04244",
"percentile": "0.89779"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.2.0\", \"versionEndExcluding\": \"7.2.10\", \"matchCriteriaId\": \"218C960A-04C6-4242-BEBA-C81CF5F1F722\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"8.0.9\", \"matchCriteriaId\": \"E360CDE0-FD1E-4337-8268-DB89CF605EE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.1.0\", \"versionEndExcluding\": \"8.1.8\", \"matchCriteriaId\": \"C0913EE0-2046-4E7E-966D-DC894E34D12B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.2.0\", \"versionEndExcluding\": \"8.2.4\", \"matchCriteriaId\": \"D182C1B1-A5FF-4777-9835-4E9114BB68DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.6.16\", \"matchCriteriaId\": \"4DCD53E4-3169-4E8A-88D1-38BE51D09DD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.7.0\", \"versionEndExcluding\": \"7.17.8\", \"matchCriteriaId\": \"9B878E40-95A7-40A7-9C52-6BC0C2FD3F54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.18.0\", \"versionEndExcluding\": \"7.19.5\", \"matchCriteriaId\": \"46305D5A-7F7B-4A04-9DAD-E582D1193A7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.20.0\", \"versionEndExcluding\": \"7.20.2\", \"matchCriteriaId\": \"A96B135B-9272-457E-A557-6566554262D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.21.0\", \"versionEndExcluding\": \"7.21.2\", \"matchCriteriaId\": \"62956861-BEDE-40C8-B628-C831087E7BDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A85565F-3F80-4E00-A706-AB4B2EAA4AFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99E2E3C0-CDF0-4D79-80A6-85E71B947ED9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.4.17\", \"matchCriteriaId\": \"1C543CA6-8E8A-476C-AB27-614DF4EC68A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.5.0\", \"versionEndExcluding\": \"7.13.7\", \"matchCriteriaId\": \"45FD913B-45DE-4CA8-9733-D62F54B19E74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.14.0\", \"versionEndExcluding\": \"7.14.3\", \"matchCriteriaId\": \"12E753EB-0D31-448B-B8DE-0A95434CC97C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.15.0\", \"versionEndExcluding\": \"7.15.2\", \"matchCriteriaId\": \"DE114494-74F0-454C-AAC4-8B8E5F1C67D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.16.0\", \"versionEndExcluding\": \"7.16.4\", \"matchCriteriaId\": \"90BB3572-29ED-415F-AD34-00EB76271F9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.17.0\", \"versionEndExcluding\": \"7.17.4\", \"matchCriteriaId\": \"30EF756A-B4E9-4E5D-BE6F-02CE95F12C9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A56B6A10-E23F-49EF-8C07-1AEDFCAE2788\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.4.17\", \"matchCriteriaId\": \"AE8BE634-1599-4790-9410-6CA43BC60C4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.5.0\", \"versionEndExcluding\": \"7.13.7\", \"matchCriteriaId\": \"52E68DFD-48F5-4949-AFEA-3829CA5DFC04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.14.0\", \"versionEndExcluding\": \"7.14.3\", \"matchCriteriaId\": \"5DCDEC6C-4515-4CAA-9D82-7BF68A3AAE7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.15.0\", \"versionEndExcluding\": \"7.15.2\", \"matchCriteriaId\": \"B9948F94-DF67-4E3C-8CD4-417D57FBC60F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.16.0\", \"versionEndExcluding\": \"7.16.4\", \"matchCriteriaId\": \"30E63ECB-85A8-4D41-A9B5-9FFF18D9CDB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.17.0\", \"versionEndExcluding\": \"7.17.4\", \"matchCriteriaId\": \"694171BD-FAE2-472C-8183-04BCA2F7B9A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AC5E81B-DA4B-45E7-9584-4B576E49FD8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.3.8\", \"matchCriteriaId\": \"EE028964-B3FC-4883-9967-68DE46EE7F6F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.4.0\", \"versionEndExcluding\": \"4.4.2\", \"matchCriteriaId\": \"57DC9E2A-4C89-420D-9330-F11E56BF2F83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C50A718F-C67B-4462-BB7E-F80408DEF07D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.8.10\", \"matchCriteriaId\": \"92329A2E-13E8-4818-85AB-3E7F479411EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.8.10\", \"matchCriteriaId\": \"30DDE751-CA88-4CFB-9E60-4243851B4B53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.13.0\", \"versionEndExcluding\": \"8.13.22\", \"matchCriteriaId\": \"D91B8507-A7A7-4B74-9999-F1DEA9F487A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.14.0\", \"versionEndExcluding\": \"8.20.10\", \"matchCriteriaId\": \"963AE427-2897-42CB-AE11-654D700E690B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.21.0\", \"versionEndExcluding\": \"8.22.4\", \"matchCriteriaId\": \"A7CD8891-BB97-4AD3-BEE4-6CCA0D8A2D85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.13.0\", \"versionEndExcluding\": \"8.13.22\", \"matchCriteriaId\": \"E73A5202-6114-48E6-8F9B-C03B2E707055\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.14.0\", \"versionEndExcluding\": \"8.20.10\", \"matchCriteriaId\": \"D22AB11D-1D73-45DC-803C-146EFED18CDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.21.0\", \"versionEndExcluding\": \"8.22.4\", \"matchCriteriaId\": \"BB2091E9-0B14-4786-852F-454C56D20839\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:data_center:*:*:*\", \"versionEndExcluding\": \"4.13.22\", \"matchCriteriaId\": \"1451C219-8AAA-4165-AE2C-033EF7B6F93A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:server:*:*:*\", \"versionEndExcluding\": \"4.13.22\", \"matchCriteriaId\": \"BD23F987-0F14-4938-BB51-4EE61C24EB62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*\", \"versionStartIncluding\": \"4.14.0\", \"versionEndExcluding\": \"4.20.10\", \"matchCriteriaId\": \"39F77953-41D7-4398-9F07-2A057A993762\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*\", \"versionStartIncluding\": \"4.14.0\", \"versionEndExcluding\": \"4.20.10\", \"matchCriteriaId\": \"CADBE0E7-36D9-4F6F-BEE6-A1E0B9428C2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*\", \"versionStartIncluding\": \"4.21.0\", \"versionEndExcluding\": \"4.22.4\", \"matchCriteriaId\": \"DC0DB08B-2034-4691-A7B2-3E5F8B6318B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*\", \"versionStartIncluding\": \"4.21.0\", \"versionEndExcluding\": \"4.22.4\", \"matchCriteriaId\": \"97A17BE7-7CCC-46D8-A317-53E2B026DF6E\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en varios productos de Atlassian permite a un atacante remoto no autenticado omitir los filtros Servlet usados por aplicaciones de primera y tercera parte. El impacto depende de los filtros usados por cada aplicaci\\u00f3n y de c\\u00f3mo son usados los filtros. Esta vulnerabilidad puede resultar en una omisi\\u00f3n de la autenticaci\\u00f3n y un ataque de tipo cross-site scripting. Atlassian ha publicado actualizaciones que corrigen la causa principal de esta vulnerabilidad, pero no ha enumerado exhaustivamente todas las consecuencias potenciales de esta vulnerabilidad. Est\\u00e1n afectadas las versiones de Atlassian Bamboo anteriores a 8.0.9, desde 8.1.0 hasta 8.1.8, y desde la 8.2.0 hasta 8.2.4. Las versiones de Atlassian Bitbucket est\\u00e1n afectadas anteriores a 7.6.16, desde la 7.7.0 anteriores a 7.17.8, desde la 7.18.0 anteriores a 7.19.5, desde la 7.20.0 anteriores a 7.20.2, desde la 7.21.0 anteriores a 7.21.2, y las versiones 8.0.0 y 8.1.0. Est\\u00e1n afectadas las versiones de Atlassian Confluence anteriores a 7.4.17, desde la 7.5.0 anteriores a 7.13.7, desde la 7.14.0 anteriores a 7.14.3, desde la 7.15.0 anteriores a 7.15.2, desde la 7.16.0 anteriores a 7.16.4, desde la 7.17.0 anteriores a 7.17.4 y la versi\\u00f3n 7.21.0. Est\\u00e1n afectadas las versiones de Atlassian Crowd anteriores a 4.3.8, desde la 4.4.0 hasta 4.4.2, y la versi\\u00f3n 5.0.0. Est\\u00e1n afectadas las versiones de Atlassian Fisheye y Crucible anteriores a 4.8.10. Est\\u00e1n afectadas las versiones de Atlassian Jira anteriores a 8.13.22, desde la 8.14.0 hasta 8.20.10, y desde la 8.21.0 hasta 8.22.4. Las versiones de Atlassian Jira Service Management est\\u00e1n afectadas anteriores a 4.13.22, desde la 4.14.0 anteriores a 4.20.10, y desde la 4.21.0 anteriores a 4.22.4\"}]",
"id": "CVE-2022-26136",
"lastModified": "2024-11-21T06:53:30.297",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2022-07-20T18:15:08.487",
"references": "[{\"url\": \"https://jira.atlassian.com/browse/BAM-21795\", \"source\": \"security@atlassian.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/BSERV-13370\", \"source\": \"security@atlassian.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/CONFSERVER-79476\", \"source\": \"security@atlassian.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/CRUC-8541\", \"source\": \"security@atlassian.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/CWD-5815\", \"source\": \"security@atlassian.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/FE-7410\", \"source\": \"security@atlassian.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/JRASERVER-73897\", \"source\": \"security@atlassian.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/JSDSERVER-11863\", \"source\": \"security@atlassian.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/BAM-21795\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/BSERV-13370\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/CONFSERVER-79476\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/CRUC-8541\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/CWD-5815\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/FE-7410\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/JRASERVER-73897\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://jira.atlassian.com/browse/JSDSERVER-11863\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "security@atlassian.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@atlassian.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-180\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-26136\",\"sourceIdentifier\":\"security@atlassian.com\",\"published\":\"2022-07-20T18:15:08.487\",\"lastModified\":\"2026-06-17T04:34:45.370\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en varios productos de Atlassian permite a un atacante remoto no autenticado omitir los filtros Servlet usados por aplicaciones de primera y tercera parte. El impacto depende de los filtros usados por cada aplicaci\u00f3n y de c\u00f3mo son usados los filtros. Esta vulnerabilidad puede resultar en una omisi\u00f3n de la autenticaci\u00f3n y un ataque de tipo cross-site scripting. Atlassian ha publicado actualizaciones que corrigen la causa principal de esta vulnerabilidad, pero no ha enumerado exhaustivamente todas las consecuencias potenciales de esta vulnerabilidad. Est\u00e1n afectadas las versiones de Atlassian Bamboo anteriores a 8.0.9, desde 8.1.0 hasta 8.1.8, y desde la 8.2.0 hasta 8.2.4. Las versiones de Atlassian Bitbucket est\u00e1n afectadas anteriores a 7.6.16, desde la 7.7.0 anteriores a 7.17.8, desde la 7.18.0 anteriores a 7.19.5, desde la 7.20.0 anteriores a 7.20.2, desde la 7.21.0 anteriores a 7.21.2, y las versiones 8.0.0 y 8.1.0. Est\u00e1n afectadas las versiones de Atlassian Confluence anteriores a 7.4.17, desde la 7.5.0 anteriores a 7.13.7, desde la 7.14.0 anteriores a 7.14.3, desde la 7.15.0 anteriores a 7.15.2, desde la 7.16.0 anteriores a 7.16.4, desde la 7.17.0 anteriores a 7.17.4 y la versi\u00f3n 7.21.0. Est\u00e1n afectadas las versiones de Atlassian Crowd anteriores a 4.3.8, desde la 4.4.0 hasta 4.4.2, y la versi\u00f3n 5.0.0. Est\u00e1n afectadas las versiones de Atlassian Fisheye y Crucible anteriores a 4.8.10. Est\u00e1n afectadas las versiones de Atlassian Jira anteriores a 8.13.22, desde la 8.14.0 hasta 8.20.10, y desde la 8.21.0 hasta 8.22.4. Las versiones de Atlassian Jira Service Management est\u00e1n afectadas anteriores a 4.13.22, desde la 4.14.0 anteriores a 4.20.10, y desde la 4.21.0 anteriores a 4.22.4\"}],\"affected\":[{\"source\":\"security@atlassian.com\",\"affectedData\":[{\"vendor\":\"Atlassian\",\"product\":\"Bamboo Server\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"8.0.9\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.1.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"8.1.8\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.2.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"8.2.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Atlassian\",\"product\":\"Bamboo Data Center\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"8.0.9\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.1.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"8.1.8\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.2.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"8.2.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Atlassian\",\"product\":\"Bitbucket Server\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"7.6.16\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.7.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.16.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.17.8\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.18.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.19.5\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.20.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.20.2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.21.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.21.2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.0.0\",\"status\":\"affected\"},{\"version\":\"8.1.0\",\"status\":\"affected\"}]},{\"vendor\":\"Atlassian\",\"product\":\"Bitbucket Data Center\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"7.6.16\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.7.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.16.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.17.8\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.18.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.19.5\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.20.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.20.2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.21.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.21.2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.0.0\",\"status\":\"affected\"},{\"version\":\"8.1.0\",\"status\":\"affected\"}]},{\"vendor\":\"Atlassian\",\"product\":\"Confluence Server\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"7.4.17\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.5.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.13.7\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.14.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.14.3\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.15.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.15.2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.16.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.16.4\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.17.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.17.4\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.18.0\",\"status\":\"affected\"}]},{\"vendor\":\"Atlassian\",\"product\":\"Confluence Data Center\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"7.4.17\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.5.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.13.7\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.14.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.14.3\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.15.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.15.2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.16.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.16.4\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.17.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"7.17.4\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.18.0\",\"status\":\"affected\"}]},{\"vendor\":\"Atlassian\",\"product\":\"Crowd Server\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"4.3.8\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"4.4.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"4.4.2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"5.0.0\",\"status\":\"affected\"}]},{\"vendor\":\"Atlassian\",\"product\":\"Crowd Data Center\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"4.3.8\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"4.4.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"4.4.2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"5.0.0\",\"status\":\"affected\"}]},{\"vendor\":\"Atlassian\",\"product\":\"Crucible\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"4.8.10\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Atlassian\",\"product\":\"Fisheye\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"4.8.10\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Atlassian\",\"product\":\"Jira Core Server\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"8.13.22\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.14.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"8.20.10\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.21.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"8.22.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Atlassian\",\"product\":\"Jira Software Server\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"8.13.22\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.14.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"8.20.10\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.21.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"8.22.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Atlassian\",\"product\":\"Jira Software Data Center\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"8.13.22\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.14.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"8.20.10\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.21.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"8.22.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Atlassian\",\"product\":\"Jira Service Management Server\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"4.13.22\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"4.14.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"4.20.10\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"4.21.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"4.22.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Atlassian\",\"product\":\"Jira Service Management Data Center\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"4.13.22\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"4.14.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"4.20.10\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"4.21.0\",\"lessThan\":\"unspecified\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"unspecified\",\"lessThan\":\"4.22.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"atlassian\",\"product\":\"bamboo\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"7.2.0\",\"lessThan\":\"7.2.10\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.0.0\",\"lessThan\":\"8.0.9\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.1.0\",\"lessThan\":\"8.1.8\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.2.0\",\"lessThan\":\"8.2.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"bitbucket\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"0\",\"lessThan\":\"7.6.16\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.7.0\",\"lessThan\":\"7.17.8\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.18.0\",\"lessThan\":\"7.19.5\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.20.0\",\"lessThan\":\"7.20.2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.21.0\",\"lessThan\":\"7.21.2\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"bitbucket\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*\",\"cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"8.0.0\",\"status\":\"affected\"},{\"version\":\"8.1.0\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"confluence_data_center\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"0\",\"lessThan\":\"7.4.17\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.5.0\",\"lessThan\":\"7.13.7\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.14.0\",\"lessThan\":\"7.14.3\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.15.0\",\"lessThan\":\"7.15.2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.16.0\",\"lessThan\":\"7.16.4\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.17.0\",\"lessThan\":\"7.17.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"confluence_data_center\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"7.18.0\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"confluence_server\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"0\",\"lessThan\":\"7.4.17\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.5.0\",\"lessThan\":\"7.13.7\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.14.0\",\"lessThan\":\"7.14.3\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.15.0\",\"lessThan\":\"7.15.2\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.16.0\",\"lessThan\":\"7.16.4\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"7.17.0\",\"lessThan\":\"7.17.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"confluence_server\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"7.18.0\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"crowd\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"0\",\"lessThan\":\"4.3.8\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"4.4.0\",\"lessThan\":\"4.4.2\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"crowd\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"5.0.0\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"crucible\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"0\",\"lessThan\":\"4.8.10\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"fisheye\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"0\",\"lessThan\":\"4.8.10\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"jira_data_center\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"8.13.0\",\"lessThan\":\"8.13.22\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.14.0\",\"lessThan\":\"8.20.10\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.21.0\",\"lessThan\":\"8.22.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"jira_server\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"8.13.0\",\"lessThan\":\"8.13.22\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.14.0\",\"lessThan\":\"8.20.10\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"8.21.0\",\"lessThan\":\"8.22.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"jira_service_desk\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*\"],\"versions\":[{\"version\":\"0\",\"lessThan\":\"4.13.22\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"jira_service_desk\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*\"],\"versions\":[{\"version\":\"0\",\"lessThan\":\"4.13.22\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"jira_service_management\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*\"],\"versions\":[{\"version\":\"4.14.0\",\"lessThan\":\"4.20.10\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"4.21.0\",\"lessThan\":\"4.22.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"atlassian\",\"product\":\"jira_service_management\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*\"],\"versions\":[{\"version\":\"4.14.0\",\"lessThan\":\"4.20.10\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"4.21.0\",\"lessThan\":\"4.22.4\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-10-03T15:26:49.090400Z\",\"id\":\"CVE-2022-26136\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@atlassian.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-180\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndExcluding\":\"7.2.10\",\"matchCriteriaId\":\"218C960A-04C6-4242-BEBA-C81CF5F1F722\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.0.9\",\"matchCriteriaId\":\"E360CDE0-FD1E-4337-8268-DB89CF605EE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.8\",\"matchCriteriaId\":\"C0913EE0-2046-4E7E-966D-DC894E34D12B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndExcluding\":\"8.2.4\",\"matchCriteriaId\":\"D182C1B1-A5FF-4777-9835-4E9114BB68DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.6.16\",\"matchCriteriaId\":\"4DCD53E4-3169-4E8A-88D1-38BE51D09DD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.7.0\",\"versionEndExcluding\":\"7.17.8\",\"matchCriteriaId\":\"9B878E40-95A7-40A7-9C52-6BC0C2FD3F54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.18.0\",\"versionEndExcluding\":\"7.19.5\",\"matchCriteriaId\":\"46305D5A-7F7B-4A04-9DAD-E582D1193A7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.20.0\",\"versionEndExcluding\":\"7.20.2\",\"matchCriteriaId\":\"A96B135B-9272-457E-A557-6566554262D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.21.0\",\"versionEndExcluding\":\"7.21.2\",\"matchCriteriaId\":\"62956861-BEDE-40C8-B628-C831087E7BDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A85565F-3F80-4E00-A706-AB4B2EAA4AFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E2E3C0-CDF0-4D79-80A6-85E71B947ED9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4.17\",\"matchCriteriaId\":\"1C543CA6-8E8A-476C-AB27-614DF4EC68A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.5.0\",\"versionEndExcluding\":\"7.13.7\",\"matchCriteriaId\":\"45FD913B-45DE-4CA8-9733-D62F54B19E74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.14.0\",\"versionEndExcluding\":\"7.14.3\",\"matchCriteriaId\":\"12E753EB-0D31-448B-B8DE-0A95434CC97C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.15.0\",\"versionEndExcluding\":\"7.15.2\",\"matchCriteriaId\":\"DE114494-74F0-454C-AAC4-8B8E5F1C67D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.16.0\",\"versionEndExcluding\":\"7.16.4\",\"matchCriteriaId\":\"90BB3572-29ED-415F-AD34-00EB76271F9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.17.0\",\"versionEndExcluding\":\"7.17.4\",\"matchCriteriaId\":\"30EF756A-B4E9-4E5D-BE6F-02CE95F12C9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A56B6A10-E23F-49EF-8C07-1AEDFCAE2788\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4.17\",\"matchCriteriaId\":\"AE8BE634-1599-4790-9410-6CA43BC60C4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.5.0\",\"versionEndExcluding\":\"7.13.7\",\"matchCriteriaId\":\"52E68DFD-48F5-4949-AFEA-3829CA5DFC04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.14.0\",\"versionEndExcluding\":\"7.14.3\",\"matchCriteriaId\":\"5DCDEC6C-4515-4CAA-9D82-7BF68A3AAE7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.15.0\",\"versionEndExcluding\":\"7.15.2\",\"matchCriteriaId\":\"B9948F94-DF67-4E3C-8CD4-417D57FBC60F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.16.0\",\"versionEndExcluding\":\"7.16.4\",\"matchCriteriaId\":\"30E63ECB-85A8-4D41-A9B5-9FFF18D9CDB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.17.0\",\"versionEndExcluding\":\"7.17.4\",\"matchCriteriaId\":\"694171BD-FAE2-472C-8183-04BCA2F7B9A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AC5E81B-DA4B-45E7-9584-4B576E49FD8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3.8\",\"matchCriteriaId\":\"EE028964-B3FC-4883-9967-68DE46EE7F6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4.0\",\"versionEndExcluding\":\"4.4.2\",\"matchCriteriaId\":\"57DC9E2A-4C89-420D-9330-F11E56BF2F83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C50A718F-C67B-4462-BB7E-F80408DEF07D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.8.10\",\"matchCriteriaId\":\"92329A2E-13E8-4818-85AB-3E7F479411EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.8.10\",\"matchCriteriaId\":\"30DDE751-CA88-4CFB-9E60-4243851B4B53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.13.0\",\"versionEndExcluding\":\"8.13.22\",\"matchCriteriaId\":\"D91B8507-A7A7-4B74-9999-F1DEA9F487A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.14.0\",\"versionEndExcluding\":\"8.20.10\",\"matchCriteriaId\":\"963AE427-2897-42CB-AE11-654D700E690B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.21.0\",\"versionEndExcluding\":\"8.22.4\",\"matchCriteriaId\":\"A7CD8891-BB97-4AD3-BEE4-6CCA0D8A2D85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.13.0\",\"versionEndExcluding\":\"8.13.22\",\"matchCriteriaId\":\"E73A5202-6114-48E6-8F9B-C03B2E707055\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.14.0\",\"versionEndExcluding\":\"8.20.10\",\"matchCriteriaId\":\"D22AB11D-1D73-45DC-803C-146EFED18CDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.21.0\",\"versionEndExcluding\":\"8.22.4\",\"matchCriteriaId\":\"BB2091E9-0B14-4786-852F-454C56D20839\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:data_center:*:*:*\",\"versionEndExcluding\":\"4.13.22\",\"matchCriteriaId\":\"1451C219-8AAA-4165-AE2C-033EF7B6F93A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:server:*:*:*\",\"versionEndExcluding\":\"4.13.22\",\"matchCriteriaId\":\"BD23F987-0F14-4938-BB51-4EE61C24EB62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*\",\"versionStartIncluding\":\"4.14.0\",\"versionEndExcluding\":\"4.20.10\",\"matchCriteriaId\":\"39F77953-41D7-4398-9F07-2A057A993762\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*\",\"versionStartIncluding\":\"4.14.0\",\"versionEndExcluding\":\"4.20.10\",\"matchCriteriaId\":\"CADBE0E7-36D9-4F6F-BEE6-A1E0B9428C2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*\",\"versionStartIncluding\":\"4.21.0\",\"versionEndExcluding\":\"4.22.4\",\"matchCriteriaId\":\"DC0DB08B-2034-4691-A7B2-3E5F8B6318B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*\",\"versionStartIncluding\":\"4.21.0\",\"versionEndExcluding\":\"4.22.4\",\"matchCriteriaId\":\"97A17BE7-7CCC-46D8-A317-53E2B026DF6E\"}]}]}],\"references\":[{\"url\":\"https://jira.atlassian.com/browse/BAM-21795\",\"source\":\"security@atlassian.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/BSERV-13370\",\"source\":\"security@atlassian.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/CONFSERVER-79476\",\"source\":\"security@atlassian.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/CRUC-8541\",\"source\":\"security@atlassian.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/CWD-5815\",\"source\":\"security@atlassian.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/FE-7410\",\"source\":\"security@atlassian.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/JRASERVER-73897\",\"source\":\"security@atlassian.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/JSDSERVER-11863\",\"source\":\"security@atlassian.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/BAM-21795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/BSERV-13370\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/CONFSERVER-79476\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/CRUC-8541\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/CWD-5815\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/FE-7410\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/JRASERVER-73897\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/JSDSERVER-11863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://jira.atlassian.com/browse/BAM-21795\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://jira.atlassian.com/browse/BSERV-13370\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://jira.atlassian.com/browse/CONFSERVER-79476\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://jira.atlassian.com/browse/CWD-5815\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://jira.atlassian.com/browse/FE-7410\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://jira.atlassian.com/browse/CRUC-8541\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://jira.atlassian.com/browse/JRASERVER-73897\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://jira.atlassian.com/browse/JSDSERVER-11863\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:56:37.592Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-26136\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-03T15:26:49.090400Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"bamboo\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.2.0\", \"lessThan\": \"7.2.10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.0.0\", \"lessThan\": \"8.0.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.1.0\", \"lessThan\": \"8.1.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.2.0\", \"lessThan\": \"8.2.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"bitbucket\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"7.6.16\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.7.0\", \"lessThan\": \"7.17.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.18.0\", \"lessThan\": \"7.19.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.20.0\", \"lessThan\": \"7.20.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.21.0\", \"lessThan\": \"7.21.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"bitbucket\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.0\"}, {\"status\": \"affected\", \"version\": \"8.1.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"confluence_data_center\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"7.4.17\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.5.0\", \"lessThan\": \"7.13.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.14.0\", \"lessThan\": \"7.14.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.15.0\", \"lessThan\": \"7.15.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.16.0\", \"lessThan\": \"7.16.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.17.0\", \"lessThan\": \"7.17.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"confluence_data_center\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.18.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"confluence_server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"7.4.17\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.5.0\", \"lessThan\": \"7.13.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.14.0\", \"lessThan\": \"7.14.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.15.0\", \"lessThan\": \"7.15.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.16.0\", \"lessThan\": \"7.16.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.17.0\", \"lessThan\": \"7.17.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"confluence_server\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.18.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"crowd\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.3.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.0\", \"lessThan\": \"4.4.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"crowd\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"crucible\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.8.10\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"fisheye\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.8.10\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"jira_data_center\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.13.0\", \"lessThan\": \"8.13.22\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.14.0\", \"lessThan\": \"8.20.10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.21.0\", \"lessThan\": \"8.22.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"jira_server\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.13.0\", \"lessThan\": \"8.13.22\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.14.0\", \"lessThan\": \"8.20.10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.21.0\", \"lessThan\": \"8.22.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"jira_service_desk\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.13.22\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"jira_service_desk\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.13.22\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"jira_service_management\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.14.0\", \"lessThan\": \"4.20.10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.21.0\", \"lessThan\": \"4.22.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*\"], \"vendor\": \"atlassian\", \"product\": \"jira_service_management\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.14.0\", \"lessThan\": \"4.20.10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.21.0\", \"lessThan\": \"4.22.4\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-03T15:54:32.628Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Atlassian\", \"product\": \"Bamboo Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.0.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.1.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.1.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.2.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.2.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Bamboo Data Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.0.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.1.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.1.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.2.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.2.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Bitbucket Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.6.16\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.7.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.16.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.17.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.18.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.19.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.20.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.20.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.21.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.21.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.0.0\"}, {\"status\": \"affected\", \"version\": \"8.1.0\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Bitbucket Data Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.6.16\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.7.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.16.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.17.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.18.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.19.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.20.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.20.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.21.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.21.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.0.0\"}, {\"status\": \"affected\", \"version\": \"8.1.0\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Confluence Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.4.17\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.5.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.13.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.14.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.14.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.15.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.15.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.16.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.16.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.17.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.17.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.18.0\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Confluence Data Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.4.17\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.5.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.13.7\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.14.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.14.3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.15.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.15.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.16.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.16.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.17.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.17.4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.18.0\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Crowd Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.3.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.4.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"5.0.0\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Crowd Data Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.3.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.4.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.4.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"5.0.0\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Crucible\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.8.10\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Fisheye\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.8.10\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Jira Core Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.13.22\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.14.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.20.10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.21.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.22.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Jira Software Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.13.22\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.14.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.20.10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.21.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.22.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Jira Software Data Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.13.22\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.14.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.20.10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"8.21.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"8.22.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Jira Service Management Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.13.22\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.14.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.20.10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.21.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.22.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Jira Service Management Data Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.13.22\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.14.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.20.10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.21.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"4.22.4\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2022-07-20T00:00:00.000Z\", \"references\": [{\"url\": \"https://jira.atlassian.com/browse/BAM-21795\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://jira.atlassian.com/browse/BSERV-13370\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://jira.atlassian.com/browse/CONFSERVER-79476\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://jira.atlassian.com/browse/CWD-5815\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://jira.atlassian.com/browse/FE-7410\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://jira.atlassian.com/browse/CRUC-8541\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://jira.atlassian.com/browse/JRASERVER-73897\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://jira.atlassian.com/browse/JSDSERVER-11863\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-180\", \"description\": \"Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).\"}]}], \"providerMetadata\": {\"orgId\": \"f08a6ab8-ed46-4c22-8884-d911ccfe3c66\", \"shortName\": \"atlassian\", \"dateUpdated\": \"2022-07-20T17:25:18.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"8.0.9\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.1.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"8.1.8\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.2.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"8.2.4\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Bamboo Server\"}, {\"version\": {\"version_data\": [{\"version_value\": \"8.0.9\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.1.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"8.1.8\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.2.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"8.2.4\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Bamboo Data Center\"}, {\"version\": {\"version_data\": [{\"version_value\": \"7.6.16\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.7.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.16.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.17.8\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.18.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.19.5\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.20.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.20.2\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.21.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.21.2\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.0.0\", \"version_affected\": \"=\"}, {\"version_value\": \"8.1.0\", \"version_affected\": \"=\"}]}, \"product_name\": \"Bitbucket Server\"}, {\"version\": {\"version_data\": [{\"version_value\": \"7.6.16\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.7.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.16.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.17.8\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.18.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.19.5\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.20.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.20.2\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.21.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.21.2\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.0.0\", \"version_affected\": \"=\"}, {\"version_value\": \"8.1.0\", \"version_affected\": \"=\"}]}, \"product_name\": \"Bitbucket Data Center\"}, {\"version\": {\"version_data\": [{\"version_value\": \"7.4.17\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.5.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.13.7\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.14.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.14.3\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.15.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.15.2\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.16.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.16.4\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.17.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.17.4\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.18.0\", \"version_affected\": \"=\"}]}, \"product_name\": \"Confluence Server\"}, {\"version\": {\"version_data\": [{\"version_value\": \"7.4.17\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.5.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.13.7\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.14.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.14.3\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.15.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.15.2\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.16.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.16.4\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.17.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.17.4\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.18.0\", \"version_affected\": \"=\"}]}, \"product_name\": \"Confluence Data Center\"}, {\"version\": {\"version_data\": [{\"version_value\": \"4.3.8\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"4.4.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"4.4.2\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"5.0.0\", \"version_affected\": \"=\"}]}, \"product_name\": \"Crowd Server\"}, {\"version\": {\"version_data\": [{\"version_value\": \"4.3.8\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"4.4.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"4.4.2\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"5.0.0\", \"version_affected\": \"=\"}]}, \"product_name\": \"Crowd Data Center\"}, {\"version\": {\"version_data\": [{\"version_value\": \"4.8.10\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Crucible\"}, {\"version\": {\"version_data\": [{\"version_value\": \"4.8.10\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Fisheye\"}, {\"version\": {\"version_data\": [{\"version_value\": \"8.13.22\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.14.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"8.20.10\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.21.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"8.22.4\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Jira Core Server\"}, {\"version\": {\"version_data\": [{\"version_value\": \"8.13.22\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.14.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"8.20.10\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.21.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"8.22.4\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Jira Software Server\"}, {\"version\": {\"version_data\": [{\"version_value\": \"8.13.22\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.14.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"8.20.10\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"8.21.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"8.22.4\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Jira Software Data Center\"}, {\"version\": {\"version_data\": [{\"version_value\": \"4.13.22\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"4.14.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"4.20.10\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"4.21.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"4.22.4\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Jira Service Management Server\"}, {\"version\": {\"version_data\": [{\"version_value\": \"4.13.22\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"4.14.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"4.20.10\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"4.21.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"4.22.4\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Jira Service Management Data Center\"}]}, \"vendor_name\": \"Atlassian\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://jira.atlassian.com/browse/BAM-21795\", \"name\": \"https://jira.atlassian.com/browse/BAM-21795\", \"refsource\": \"MISC\"}, {\"url\": \"https://jira.atlassian.com/browse/BSERV-13370\", \"name\": \"https://jira.atlassian.com/browse/BSERV-13370\", \"refsource\": \"MISC\"}, {\"url\": \"https://jira.atlassian.com/browse/CONFSERVER-79476\", \"name\": \"https://jira.atlassian.com/browse/CONFSERVER-79476\", \"refsource\": \"MISC\"}, {\"url\": \"https://jira.atlassian.com/browse/CWD-5815\", \"name\": \"https://jira.atlassian.com/browse/CWD-5815\", \"refsource\": \"MISC\"}, {\"url\": \"https://jira.atlassian.com/browse/FE-7410\", \"name\": \"https://jira.atlassian.com/browse/FE-7410\", \"refsource\": \"MISC\"}, {\"url\": \"https://jira.atlassian.com/browse/CRUC-8541\", \"name\": \"https://jira.atlassian.com/browse/CRUC-8541\", \"refsource\": \"MISC\"}, {\"url\": \"https://jira.atlassian.com/browse/JRASERVER-73897\", \"name\": \"https://jira.atlassian.com/browse/JRASERVER-73897\", \"refsource\": \"MISC\"}, {\"url\": \"https://jira.atlassian.com/browse/JSDSERVER-11863\", \"name\": \"https://jira.atlassian.com/browse/JSDSERVER-11863\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-26136\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"security@atlassian.com\", \"DATE_PUBLIC\": \"2022-07-20T00:00:00\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-26136\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-03T16:43:16.268Z\", \"dateReserved\": \"2022-02-25T00:00:00.000Z\", \"assignerOrgId\": \"f08a6ab8-ed46-4c22-8884-d911ccfe3c66\", \"datePublished\": \"2022-07-20T17:25:18.803Z\", \"assignerShortName\": \"atlassian\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…