CVE-2022-26135

Published: 30/06/2022 Updated: 04/08/2022
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 prior to 8.20.10, from version 8.21.0 prior to 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 prior to 4.13.22, from version 4.14.0 prior to 4.20.10 and from version 4.21.0 prior to 4.22.4.

Vulnerable Product

atlassian jira service management

atlassian jira data center

atlassian jira server

atlassian jira service desk

Github Repositories

CVE-2022-26135

-CVE-2022-26135- CVE-2022-26135 CVE-2022-26135 poc wwwxusteducn/cve/indexjsp

Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)

CVE-2022-26135 - Full-Read Server Side Request Forgery in Mobile Plugin for Jira Data Center and Server.

About Assetnote: Assetnote automatically maps your external assets and monitors them for changes and security issues to help prevent serious breaches. This research was performed by Assetnote's Security Research team. You can read more about our product and our team at ht