CVE-2022-0540

Description

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.

Reserved 2022-02-08 | Published 2022-04-20 | Updated 2024-10-24 | Assigner atlassian

Problem types

Improper Authentication

Product status

Any version before 8.13.18
affected

8.14.0 before unspecified
affected

Any version before 8.20.6
affected

8.21.0 before unspecified
affected

Any version before 8.22.0
affected

Any version before 8.13.18
affected

8.14.0 before unspecified
affected

Any version before 8.20.6
affected

8.21.0 before unspecified
affected

Any version before 8.22.0
affected

Any version before 8.13.18
affected

8.14.0 before unspecified
affected

Any version before 8.20.6
affected

8.21.0 before unspecified
affected

Any version before 8.22.0
affected

Any version before 4.13.18
affected

4.14.0 before unspecified
affected

Any version before 4.20.6
affected

4.21.0 before unspecified
affected

Any version before 4.22.0
affected

Any version before 4.13.18
affected

4.14.0 before unspecified
affected

Any version before 4.20.6
affected

4.21.0 before unspecified
affected

Any version before 4.22.0
affected

References

confluence.atlassian.com/...ira+Security+Advisory+2022-04-20

jira.atlassian.com/browse/JRASERVER-73650

jira.atlassian.com/browse/JSDSERVER-11224

cve.org (CVE-2022-0540)

nvd.nist.gov (CVE-2022-0540)

Download JSON