9.8
CVE-2022-0540
- EPSS 92.14%
- Published 20.04.2022 19:15:07
- Last modified 21.11.2024 06:38:52
- Source security@atlassian.com
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
Data provided by the National Vulnerability Database (NVD)
Atlassian ≫ Jira Data Center Version < 8.13.8
Atlassian ≫ Jira Data Center Version >= 8.14.0 < 8.20.6
Atlassian ≫ Jira Data Center Version >= 8.21.0 < 8.22.0
Atlassian ≫ Jira Server Version < 8.13.8
Atlassian ≫ Jira Server Version >= 8.14.0 < 8.20.6
Atlassian ≫ Jira Server Version >= 8.21.0 < 8.22.0
Atlassian ≫ Jira Service Management SwEdition server Version < 4.13.8
Atlassian ≫ Jira Service Management SwEdition data_center Version < 4.13.18
Atlassian ≫ Jira Service Management SwEdition data_center Version >= 4.14.0 < 4.20.6
Atlassian ≫ Jira Service Management SwEdition server Version >= 4.14.0 < 4.20.6
Atlassian ≫ Jira Service Management SwEdition data_center Version >= 4.21.0 < 4.22.0
Atlassian ≫ Jira Service Management SwEdition server Version >= 4.21.0 < 4.22.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 92.14% | 0.997 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.