{"containers": {"cna": {"affected": [{"product": "Bamboo Server", "vendor": "Atlassian", "versions": [{"lessThan": "8.0.9", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.1.0", "versionType": "custom"}, {"lessThan": "8.1.8", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.2.0", "versionType": "custom"}, {"lessThan": "8.2.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Bamboo Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "8.0.9", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.1.0", "versionType": "custom"}, {"lessThan": "8.1.8", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.2.0", "versionType": "custom"}, {"lessThan": "8.2.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Bitbucket Server", "vendor": "Atlassian", "versions": [{"lessThan": "7.6.16", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.7.0", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.16.0", "versionType": "custom"}, {"lessThan": "7.17.8", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.18.0", "versionType": "custom"}, {"lessThan": "7.19.5", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.20.0", "versionType": "custom"}, {"lessThan": "7.20.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.21.0", "versionType": "custom"}, {"lessThan": "7.21.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "8.0.0"}, {"status": "affected", "version": "8.1.0"}]}, {"product": "Bitbucket Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "7.6.16", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.7.0", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.16.0", "versionType": "custom"}, {"lessThan": "7.17.8", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.18.0", "versionType": "custom"}, {"lessThan": "7.19.5", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.20.0", "versionType": "custom"}, {"lessThan": "7.20.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.21.0", "versionType": "custom"}, {"lessThan": "7.21.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "8.0.0"}, {"status": "affected", "version": "8.1.0"}]}, {"product": "Confluence Server", "vendor": "Atlassian", "versions": [{"lessThan": "7.4.17", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.5.0", "versionType": "custom"}, {"lessThan": "7.13.7", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.14.0", "versionType": "custom"}, {"lessThan": "7.14.3", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.15.0", "versionType": "custom"}, {"lessThan": "7.15.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.16.0", "versionType": "custom"}, {"lessThan": "7.16.4", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.17.0", "versionType": "custom"}, {"lessThan": "7.17.4", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "7.18.0"}]}, {"product": "Confluence Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "7.4.17", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.5.0", "versionType": "custom"}, {"lessThan": "7.13.7", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.14.0", "versionType": "custom"}, {"lessThan": "7.14.3", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.15.0", "versionType": "custom"}, {"lessThan": "7.15.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.16.0", "versionType": "custom"}, {"lessThan": "7.16.4", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.17.0", "versionType": "custom"}, {"lessThan": "7.17.4", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "7.18.0"}]}, {"product": "Crowd Server", "vendor": "Atlassian", "versions": [{"lessThan": "4.3.8", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.4.0", "versionType": "custom"}, {"lessThan": "4.4.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "5.0.0"}]}, {"product": "Crowd Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "4.3.8", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.4.0", "versionType": "custom"}, {"lessThan": "4.4.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "5.0.0"}]}, {"product": "Crucible", "vendor": "Atlassian", "versions": [{"lessThan": "4.8.10", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Fisheye", "vendor": "Atlassian", "versions": [{"lessThan": "4.8.10", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Jira Core Server", "vendor": "Atlassian", "versions": [{"lessThan": "8.13.22", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.14.0", "versionType": "custom"}, {"lessThan": "8.20.10", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.21.0", "versionType": "custom"}, {"lessThan": "8.22.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Jira Software Server", "vendor": "Atlassian", "versions": [{"lessThan": "8.13.22", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.14.0", "versionType": "custom"}, {"lessThan": "8.20.10", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.21.0", "versionType": "custom"}, {"lessThan": "8.22.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Jira Software Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "8.13.22", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.14.0", "versionType": "custom"}, {"lessThan": "8.20.10", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.21.0", "versionType": "custom"}, {"lessThan": "8.22.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Jira Service Management Server", "vendor": "Atlassian", "versions": [{"lessThan": "4.13.22", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.14.0", "versionType": "custom"}, {"lessThan": "4.20.10", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.21.0", "versionType": "custom"}, {"lessThan": "4.22.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Jira Service Management Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "4.13.22", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.14.0", "versionType": "custom"}, {"lessThan": "4.20.10", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.21.0", "versionType": "custom"}, {"lessThan": "4.22.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-07-20T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-180", "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-20T17:25:18", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/BAM-21795"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/BSERV-13370"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/CWD-5815"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/FE-7410"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/CRUC-8541"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/JRASERVER-73897"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2022-07-20T00:00:00", "ID": "CVE-2022-26136", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Bamboo Server", "version": {"version_data": [{"version_affected": "<", "version_value": "8.0.9"}, {"version_affected": ">=", "version_value": "8.1.0"}, {"version_affected": "<", "version_value": "8.1.8"}, {"version_affected": ">=", "version_value": "8.2.0"}, {"version_affected": "<", "version_value": "8.2.4"}]}}, {"product_name": "Bamboo Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "8.0.9"}, {"version_affected": ">=", "version_value": "8.1.0"}, {"version_affected": "<", "version_value": "8.1.8"}, {"version_affected": ">=", "version_value": "8.2.0"}, {"version_affected": "<", "version_value": "8.2.4"}]}}, {"product_name": "Bitbucket Server", "version": {"version_data": [{"version_affected": "<", "version_value": "7.6.16"}, {"version_affected": ">=", "version_value": "7.7.0"}, {"version_affected": ">=", "version_value": "7.16.0"}, {"version_affected": "<", "version_value": "7.17.8"}, {"version_affected": ">=", "version_value": "7.18.0"}, {"version_affected": "<", "version_value": "7.19.5"}, {"version_affected": ">=", "version_value": "7.20.0"}, {"version_affected": "<", "version_value": "7.20.2"}, {"version_affected": ">=", "version_value": "7.21.0"}, {"version_affected": "<", "version_value": "7.21.2"}, {"version_affected": "=", "version_value": "8.0.0"}, {"version_affected": "=", "version_value": "8.1.0"}]}}, {"product_name": "Bitbucket Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "7.6.16"}, {"version_affected": ">=", "version_value": "7.7.0"}, {"version_affected": ">=", "version_value": "7.16.0"}, {"version_affected": "<", "version_value": "7.17.8"}, {"version_affected": ">=", "version_value": "7.18.0"}, {"version_affected": "<", "version_value": "7.19.5"}, {"version_affected": ">=", "version_value": "7.20.0"}, {"version_affected": "<", "version_value": "7.20.2"}, {"version_affected": ">=", "version_value": "7.21.0"}, {"version_affected": "<", "version_value": "7.21.2"}, {"version_affected": "=", "version_value": "8.0.0"}, {"version_affected": "=", "version_value": "8.1.0"}]}}, {"product_name": "Confluence Server", "version": {"version_data": [{"version_affected": "<", "version_value": "7.4.17"}, {"version_affected": ">=", "version_value": "7.5.0"}, {"version_affected": "<", "version_value": "7.13.7"}, {"version_affected": ">=", "version_value": "7.14.0"}, {"version_affected": "<", "version_value": "7.14.3"}, {"version_affected": ">=", "version_value": "7.15.0"}, {"version_affected": "<", "version_value": "7.15.2"}, {"version_affected": ">=", "version_value": "7.16.0"}, {"version_affected": "<", "version_value": "7.16.4"}, {"version_affected": ">=", "version_value": "7.17.0"}, {"version_affected": "<", "version_value": "7.17.4"}, {"version_affected": "=", "version_value": "7.18.0"}]}}, {"product_name": "Confluence Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "7.4.17"}, {"version_affected": ">=", "version_value": "7.5.0"}, {"version_affected": "<", "version_value": "7.13.7"}, {"version_affected": ">=", "version_value": "7.14.0"}, {"version_affected": "<", "version_value": "7.14.3"}, {"version_affected": ">=", "version_value": "7.15.0"}, {"version_affected": "<", "version_value": "7.15.2"}, {"version_affected": ">=", "version_value": "7.16.0"}, {"version_affected": "<", "version_value": "7.16.4"}, {"version_affected": ">=", "version_value": "7.17.0"}, {"version_affected": "<", "version_value": "7.17.4"}, {"version_affected": "=", "version_value": "7.18.0"}]}}, {"product_name": "Crowd Server", "version": {"version_data": [{"version_affected": "<", "version_value": "4.3.8"}, {"version_affected": ">=", "version_value": "4.4.0"}, {"version_affected": "<", "version_value": "4.4.2"}, {"version_affected": "=", "version_value": "5.0.0"}]}}, {"product_name": "Crowd Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "4.3.8"}, {"version_affected": ">=", "version_value": "4.4.0"}, {"version_affected": "<", "version_value": "4.4.2"}, {"version_affected": "=", "version_value": "5.0.0"}]}}, {"product_name": "Crucible", "version": {"version_data": [{"version_affected": "<", "version_value": "4.8.10"}]}}, {"product_name": "Fisheye", "version": {"version_data": [{"version_affected": "<", "version_value": "4.8.10"}]}}, {"product_name": "Jira Core Server", "version": {"version_data": [{"version_affected": "<", "version_value": "8.13.22"}, {"version_affected": ">=", "version_value": "8.14.0"}, {"version_affected": "<", "version_value": "8.20.10"}, {"version_affected": ">=", "version_value": "8.21.0"}, {"version_affected": "<", "version_value": "8.22.4"}]}}, {"product_name": "Jira Software Server", "version": {"version_data": [{"version_affected": "<", "version_value": "8.13.22"}, {"version_affected": ">=", "version_value": "8.14.0"}, {"version_affected": "<", "version_value": "8.20.10"}, {"version_affected": ">=", "version_value": "8.21.0"}, {"version_affected": "<", "version_value": "8.22.4"}]}}, {"product_name": "Jira Software Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "8.13.22"}, {"version_affected": ">=", "version_value": "8.14.0"}, {"version_affected": "<", "version_value": "8.20.10"}, {"version_affected": ">=", "version_value": "8.21.0"}, {"version_affected": "<", "version_value": "8.22.4"}]}}, {"product_name": "Jira Service Management Server", "version": {"version_data": [{"version_affected": "<", "version_value": "4.13.22"}, {"version_affected": ">=", "version_value": "4.14.0"}, {"version_affected": "<", "version_value": "4.20.10"}, {"version_affected": ">=", "version_value": "4.21.0"}, {"version_affected": "<", "version_value": "4.22.4"}]}}, {"product_name": "Jira Service Management Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "4.13.22"}, {"version_affected": ">=", "version_value": "4.14.0"}, {"version_affected": "<", "version_value": "4.20.10"}, {"version_affected": ">=", "version_value": "4.21.0"}, {"version_affected": "<", "version_value": "4.22.4"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)."}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/BAM-21795", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/BAM-21795"}, {"name": "https://jira.atlassian.com/browse/BSERV-13370", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/BSERV-13370"}, {"name": "https://jira.atlassian.com/browse/CONFSERVER-79476", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"}, {"name": "https://jira.atlassian.com/browse/CWD-5815", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/CWD-5815"}, {"name": "https://jira.atlassian.com/browse/FE-7410", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/FE-7410"}, {"name": "https://jira.atlassian.com/browse/CRUC-8541", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/CRUC-8541"}, {"name": "https://jira.atlassian.com/browse/JRASERVER-73897", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/JRASERVER-73897"}, {"name": "https://jira.atlassian.com/browse/JSDSERVER-11863", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:56:37.592Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/BAM-21795"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/BSERV-13370"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/CWD-5815"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/FE-7410"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/CRUC-8541"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/JRASERVER-73897"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"}]}, {"affected": [{"vendor": "atlassian", "product": "bamboo", "cpes": ["cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.2.0", "status": "affected", "lessThan": "7.2.10", "versionType": "custom"}, {"version": "8.0.0", "status": "affected", "lessThan": "8.0.9", "versionType": "custom"}, {"version": "8.1.0", "status": "affected", "lessThan": "8.1.8", "versionType": "custom"}, {"version": "8.2.0", "status": "affected", "lessThan": "8.2.4", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "bitbucket", "cpes": ["cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "7.6.16", "versionType": "custom"}, {"version": "7.7.0", "status": "affected", "lessThan": "7.17.8", "versionType": "custom"}, {"version": "7.18.0", "status": "affected", "lessThan": "7.19.5", "versionType": "custom"}, {"version": "7.20.0", "status": "affected", "lessThan": "7.20.2", "versionType": "custom"}, {"version": "7.21.0", "status": "affected", "lessThan": "7.21.2", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "bitbucket", "cpes": ["cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.0.0", "status": "affected"}, {"version": "8.1.0", "status": "affected"}]}, {"vendor": "atlassian", "product": "confluence_data_center", "cpes": ["cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "7.4.17", "versionType": "custom"}, {"version": "7.5.0", "status": "affected", "lessThan": "7.13.7", "versionType": "custom"}, {"version": "7.14.0", "status": "affected", "lessThan": "7.14.3", "versionType": "custom"}, {"version": "7.15.0", "status": "affected", "lessThan": "7.15.2", "versionType": "custom"}, {"version": "7.16.0", "status": "affected", "lessThan": "7.16.4", "versionType": "custom"}, {"version": "7.17.0", "status": "affected", "lessThan": "7.17.4", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "confluence_data_center", "cpes": ["cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.18.0", "status": "affected"}]}, {"vendor": "atlassian", "product": "confluence_server", "cpes": ["cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "7.4.17", "versionType": "custom"}, {"version": "7.5.0", "status": "affected", "lessThan": "7.13.7", "versionType": "custom"}, {"version": "7.14.0", "status": "affected", "lessThan": "7.14.3", "versionType": "custom"}, {"version": "7.15.0", "status": "affected", "lessThan": "7.15.2", "versionType": "custom"}, {"version": "7.16.0", "status": "affected", "lessThan": "7.16.4", "versionType": "custom"}, {"version": "7.17.0", "status": "affected", "lessThan": "7.17.4", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "confluence_server", "cpes": ["cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.18.0", "status": "affected"}]}, {"vendor": "atlassian", "product": "crowd", "cpes": ["cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.3.8", "versionType": "custom"}, {"version": "4.4.0", "status": "affected", "lessThan": "4.4.2", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "crowd", "cpes": ["cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.0.0", "status": "affected"}]}, {"vendor": "atlassian", "product": "crucible", "cpes": ["cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.8.10", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "fisheye", "cpes": ["cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.8.10", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "jira_data_center", "cpes": ["cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.13.0", "status": "affected", "lessThan": "8.13.22", "versionType": "custom"}, {"version": "8.14.0", "status": "affected", "lessThan": "8.20.10", "versionType": "custom"}, {"version": "8.21.0", "status": "affected", "lessThan": "8.22.4", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "jira_server", "cpes": ["cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.13.0", "status": "affected", "lessThan": "8.13.22", "versionType": "custom"}, {"version": "8.14.0", "status": "affected", "lessThan": "8.20.10", "versionType": "custom"}, {"version": "8.21.0", "status": "affected", "lessThan": "8.22.4", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "jira_service_desk", "cpes": ["cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.13.22", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "jira_service_desk", "cpes": ["cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.13.22", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "jira_service_management", "cpes": ["cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.14.0", "status": "affected", "lessThan": "4.20.10", "versionType": "custom"}, {"version": "4.21.0", "status": "affected", "lessThan": "4.22.4", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "jira_service_management", "cpes": ["cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.14.0", "status": "affected", "lessThan": "4.20.10", "versionType": "custom"}, {"version": "4.21.0", "status": "affected", "lessThan": "4.22.4", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-03T15:26:49.090400Z", "id": "CVE-2022-26136", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T16:43:16.268Z"}}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2022-26136", "datePublished": "2022-07-20T17:25:18.803466Z", "dateReserved": "2022-02-25T00:00:00", "dateUpdated": "2024-10-03T16:43:16.268Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://jira.atlassian.com/browse/BAM-21795", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://jira.atlassian.com/browse/BSERV-13370", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://jira.atlassian.com/browse/CONFSERVER-79476", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://jira.atlassian.com/browse/CWD-5815", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://jira.atlassian.com/browse/FE-7410", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://jira.atlassian.com/browse/CRUC-8541", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://jira.atlassian.com/browse/JRASERVER-73897", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://jira.atlassian.com/browse/JSDSERVER-11863", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:56:37.592Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-26136", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-03T15:26:49.090400Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "bamboo", "versions": [{"status": "affected", "version": "7.2.0", "lessThan": "7.2.10", "versionType": "custom"}, {"status": "affected", "version": "8.0.0", "lessThan": "8.0.9", "versionType": "custom"}, {"status": "affected", "version": "8.1.0", "lessThan": "8.1.8", "versionType": "custom"}, {"status": "affected", "version": "8.2.0", "lessThan": "8.2.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "bitbucket", "versions": [{"status": "affected", "version": "0", "lessThan": "7.6.16", "versionType": "custom"}, {"status": "affected", "version": "7.7.0", "lessThan": "7.17.8", "versionType": "custom"}, {"status": "affected", "version": "7.18.0", "lessThan": "7.19.5", "versionType": "custom"}, {"status": "affected", "version": "7.20.0", "lessThan": "7.20.2", "versionType": "custom"}, {"status": "affected", "version": "7.21.0", "lessThan": "7.21.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "bitbucket", "versions": [{"status": "affected", "version": "8.0.0"}, {"status": "affected", "version": "8.1.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "confluence_data_center", "versions": [{"status": "affected", "version": "0", "lessThan": "7.4.17", "versionType": "custom"}, {"status": "affected", "version": "7.5.0", "lessThan": "7.13.7", "versionType": "custom"}, {"status": "affected", "version": "7.14.0", "lessThan": "7.14.3", "versionType": "custom"}, {"status": "affected", "version": "7.15.0", "lessThan": "7.15.2", "versionType": "custom"}, {"status": "affected", "version": "7.16.0", "lessThan": "7.16.4", "versionType": "custom"}, {"status": "affected", "version": "7.17.0", "lessThan": "7.17.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "confluence_data_center", "versions": [{"status": "affected", "version": "7.18.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "confluence_server", "versions": [{"status": "affected", "version": "0", "lessThan": "7.4.17", "versionType": "custom"}, {"status": "affected", "version": "7.5.0", "lessThan": "7.13.7", "versionType": "custom"}, {"status": "affected", "version": "7.14.0", "lessThan": "7.14.3", "versionType": "custom"}, {"status": "affected", "version": "7.15.0", "lessThan": "7.15.2", "versionType": "custom"}, {"status": "affected", "version": "7.16.0", "lessThan": "7.16.4", "versionType": "custom"}, {"status": "affected", "version": "7.17.0", "lessThan": "7.17.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "confluence_server", "versions": [{"status": "affected", "version": "7.18.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "crowd", "versions": [{"status": "affected", "version": "0", "lessThan": "4.3.8", "versionType": "custom"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "crowd", "versions": [{"status": "affected", "version": "5.0.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "crucible", "versions": [{"status": "affected", "version": "0", "lessThan": "4.8.10", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "fisheye", "versions": [{"status": "affected", "version": "0", "lessThan": "4.8.10", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "jira_data_center", "versions": [{"status": "affected", "version": "8.13.0", "lessThan": "8.13.22", "versionType": "custom"}, {"status": "affected", "version": "8.14.0", "lessThan": "8.20.10", "versionType": "custom"}, {"status": "affected", "version": "8.21.0", "lessThan": "8.22.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "jira_server", "versions": [{"status": "affected", "version": "8.13.0", "lessThan": "8.13.22", "versionType": "custom"}, {"status": "affected", "version": "8.14.0", "lessThan": "8.20.10", "versionType": "custom"}, {"status": "affected", "version": "8.21.0", "lessThan": "8.22.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"], "vendor": "atlassian", "product": "jira_service_desk", "versions": [{"status": "affected", "version": "0", "lessThan": "4.13.22", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"], "vendor": "atlassian", "product": "jira_service_desk", "versions": [{"status": "affected", "version": "0", "lessThan": "4.13.22", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"], "vendor": "atlassian", "product": "jira_service_management", "versions": [{"status": "affected", "version": "4.14.0", "lessThan": "4.20.10", "versionType": "custom"}, {"status": "affected", "version": "4.21.0", "lessThan": "4.22.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"], "vendor": "atlassian", "product": "jira_service_management", "versions": [{"status": "affected", "version": "4.14.0", "lessThan": "4.20.10", "versionType": "custom"}, {"status": "affected", "version": "4.21.0", "lessThan": "4.22.4", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T15:54:32.628Z"}}], "cna": {"affected": [{"vendor": "Atlassian", "product": "Bamboo Server", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "8.0.9", "versionType": "custom"}, {"status": "affected", "version": "8.1.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.1.8", "versionType": "custom"}, {"status": "affected", "version": "8.2.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.2.4", "versionType": "custom"}]}, {"vendor": "Atlassian", "product": "Bamboo Data Center", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "8.0.9", "versionType": "custom"}, {"status": "affected", "version": "8.1.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.1.8", "versionType": "custom"}, {"status": "affected", "version": "8.2.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.2.4", "versionType": "custom"}]}, {"vendor": "Atlassian", "product": "Bitbucket Server", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "7.6.16", "versionType": "custom"}, {"status": "affected", "version": "7.7.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "7.16.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.17.8", "versionType": "custom"}, {"status": "affected", "version": "7.18.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.19.5", "versionType": "custom"}, {"status": "affected", "version": "7.20.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.20.2", "versionType": "custom"}, {"status": "affected", "version": "7.21.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.21.2", "versionType": "custom"}, {"status": "affected", "version": "8.0.0"}, {"status": "affected", "version": "8.1.0"}]}, {"vendor": "Atlassian", "product": "Bitbucket Data Center", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "7.6.16", "versionType": "custom"}, {"status": "affected", "version": "7.7.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "7.16.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.17.8", "versionType": "custom"}, {"status": "affected", "version": "7.18.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.19.5", "versionType": "custom"}, {"status": "affected", "version": "7.20.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.20.2", "versionType": "custom"}, {"status": "affected", "version": "7.21.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.21.2", "versionType": "custom"}, {"status": "affected", "version": "8.0.0"}, {"status": "affected", "version": "8.1.0"}]}, {"vendor": "Atlassian", "product": "Confluence Server", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "7.4.17", "versionType": "custom"}, {"status": "affected", "version": "7.5.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.13.7", "versionType": "custom"}, {"status": "affected", "version": "7.14.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.14.3", "versionType": "custom"}, {"status": "affected", "version": "7.15.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.15.2", "versionType": "custom"}, {"status": "affected", "version": "7.16.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.16.4", "versionType": "custom"}, {"status": "affected", "version": "7.17.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.17.4", "versionType": "custom"}, {"status": "affected", "version": "7.18.0"}]}, {"vendor": "Atlassian", "product": "Confluence Data Center", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "7.4.17", "versionType": "custom"}, {"status": "affected", "version": "7.5.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.13.7", "versionType": "custom"}, {"status": "affected", "version": "7.14.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.14.3", "versionType": "custom"}, {"status": "affected", "version": "7.15.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.15.2", "versionType": "custom"}, {"status": "affected", "version": "7.16.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.16.4", "versionType": "custom"}, {"status": "affected", "version": "7.17.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.17.4", "versionType": "custom"}, {"status": "affected", "version": "7.18.0"}]}, {"vendor": "Atlassian", "product": "Crowd Server", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "4.3.8", "versionType": "custom"}, {"status": "affected", "version": "4.4.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "4.4.2", "versionType": "custom"}, {"status": "affected", "version": "5.0.0"}]}, {"vendor": "Atlassian", "product": "Crowd Data Center", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "4.3.8", "versionType": "custom"}, {"status": "affected", "version": "4.4.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "4.4.2", "versionType": "custom"}, {"status": "affected", "version": "5.0.0"}]}, {"vendor": "Atlassian", "product": "Crucible", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "4.8.10", "versionType": "custom"}]}, {"vendor": "Atlassian", "product": "Fisheye", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "4.8.10", "versionType": "custom"}]}, {"vendor": "Atlassian", "product": "Jira Core Server", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "8.13.22", "versionType": "custom"}, {"status": "affected", "version": "8.14.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.20.10", "versionType": "custom"}, {"status": "affected", "version": "8.21.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.22.4", "versionType": "custom"}]}, {"vendor": "Atlassian", "product": "Jira Software Server", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "8.13.22", "versionType": "custom"}, {"status": "affected", "version": "8.14.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.20.10", "versionType": "custom"}, {"status": "affected", "version": "8.21.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.22.4", "versionType": "custom"}]}, {"vendor": "Atlassian", "product": "Jira Software Data Center", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "8.13.22", "versionType": "custom"}, {"status": "affected", "version": "8.14.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.20.10", "versionType": "custom"}, {"status": "affected", "version": "8.21.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "8.22.4", "versionType": "custom"}]}, {"vendor": "Atlassian", "product": "Jira Service Management Server", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "4.13.22", "versionType": "custom"}, {"status": "affected", "version": "4.14.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "4.20.10", "versionType": "custom"}, {"status": "affected", "version": "4.21.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "4.22.4", "versionType": "custom"}]}, {"vendor": "Atlassian", "product": "Jira Service Management Data Center", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "4.13.22", "versionType": "custom"}, {"status": "affected", "version": "4.14.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "4.20.10", "versionType": "custom"}, {"status": "affected", "version": "4.21.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "4.22.4", "versionType": "custom"}]}], "datePublic": "2022-07-20T00:00:00", "references": [{"url": "https://jira.atlassian.com/browse/BAM-21795", "tags": ["x_refsource_MISC"]}, {"url": "https://jira.atlassian.com/browse/BSERV-13370", "tags": ["x_refsource_MISC"]}, {"url": "https://jira.atlassian.com/browse/CONFSERVER-79476", "tags": ["x_refsource_MISC"]}, {"url": "https://jira.atlassian.com/browse/CWD-5815", "tags": ["x_refsource_MISC"]}, {"url": "https://jira.atlassian.com/browse/FE-7410", "tags": ["x_refsource_MISC"]}, {"url": "https://jira.atlassian.com/browse/CRUC-8541", "tags": ["x_refsource_MISC"]}, {"url": "https://jira.atlassian.com/browse/JRASERVER-73897", "tags": ["x_refsource_MISC"]}, {"url": "https://jira.atlassian.com/browse/JSDSERVER-11863", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-180", "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)."}]}], "providerMetadata": {"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian", "dateUpdated": "2022-07-20T17:25:18"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "8.0.9", "version_affected": "<"}, {"version_value": "8.1.0", "version_affected": ">="}, {"version_value": "8.1.8", "version_affected": "<"}, {"version_value": "8.2.0", "version_affected": ">="}, {"version_value": "8.2.4", "version_affected": "<"}]}, "product_name": "Bamboo Server"}, {"version": {"version_data": [{"version_value": "8.0.9", "version_affected": "<"}, {"version_value": "8.1.0", "version_affected": ">="}, {"version_value": "8.1.8", "version_affected": "<"}, {"version_value": "8.2.0", "version_affected": ">="}, {"version_value": "8.2.4", "version_affected": "<"}]}, "product_name": "Bamboo Data Center"}, {"version": {"version_data": [{"version_value": "7.6.16", "version_affected": "<"}, {"version_value": "7.7.0", "version_affected": ">="}, {"version_value": "7.16.0", "version_affected": ">="}, {"version_value": "7.17.8", "version_affected": "<"}, {"version_value": "7.18.0", "version_affected": ">="}, {"version_value": "7.19.5", "version_affected": "<"}, {"version_value": "7.20.0", "version_affected": ">="}, {"version_value": "7.20.2", "version_affected": "<"}, {"version_value": "7.21.0", "version_affected": ">="}, {"version_value": "7.21.2", "version_affected": "<"}, {"version_value": "8.0.0", "version_affected": "="}, {"version_value": "8.1.0", "version_affected": "="}]}, "product_name": "Bitbucket Server"}, {"version": {"version_data": [{"version_value": "7.6.16", "version_affected": "<"}, {"version_value": "7.7.0", "version_affected": ">="}, {"version_value": "7.16.0", "version_affected": ">="}, {"version_value": "7.17.8", "version_affected": "<"}, {"version_value": "7.18.0", "version_affected": ">="}, {"version_value": "7.19.5", "version_affected": "<"}, {"version_value": "7.20.0", "version_affected": ">="}, {"version_value": "7.20.2", "version_affected": "<"}, {"version_value": "7.21.0", "version_affected": ">="}, {"version_value": "7.21.2", "version_affected": "<"}, {"version_value": "8.0.0", "version_affected": "="}, {"version_value": "8.1.0", "version_affected": "="}]}, "product_name": "Bitbucket Data Center"}, {"version": {"version_data": [{"version_value": "7.4.17", "version_affected": "<"}, {"version_value": "7.5.0", "version_affected": ">="}, {"version_value": "7.13.7", "version_affected": "<"}, {"version_value": "7.14.0", "version_affected": ">="}, {"version_value": "7.14.3", "version_affected": "<"}, {"version_value": "7.15.0", "version_affected": ">="}, {"version_value": "7.15.2", "version_affected": "<"}, {"version_value": "7.16.0", "version_affected": ">="}, {"version_value": "7.16.4", "version_affected": "<"}, {"version_value": "7.17.0", "version_affected": ">="}, {"version_value": "7.17.4", "version_affected": "<"}, {"version_value": "7.18.0", "version_affected": "="}]}, "product_name": "Confluence Server"}, {"version": {"version_data": [{"version_value": "7.4.17", "version_affected": "<"}, {"version_value": "7.5.0", "version_affected": ">="}, {"version_value": "7.13.7", "version_affected": "<"}, {"version_value": "7.14.0", "version_affected": ">="}, {"version_value": "7.14.3", "version_affected": "<"}, {"version_value": "7.15.0", "version_affected": ">="}, {"version_value": "7.15.2", "version_affected": "<"}, {"version_value": "7.16.0", "version_affected": ">="}, {"version_value": "7.16.4", "version_affected": "<"}, {"version_value": "7.17.0", "version_affected": ">="}, {"version_value": "7.17.4", "version_affected": "<"}, {"version_value": "7.18.0", "version_affected": "="}]}, "product_name": "Confluence Data Center"}, {"version": {"version_data": [{"version_value": "4.3.8", "version_affected": "<"}, {"version_value": "4.4.0", "version_affected": ">="}, {"version_value": "4.4.2", "version_affected": "<"}, {"version_value": "5.0.0", "version_affected": "="}]}, "product_name": "Crowd Server"}, {"version": {"version_data": [{"version_value": "4.3.8", "version_affected": "<"}, {"version_value": "4.4.0", "version_affected": ">="}, {"version_value": "4.4.2", "version_affected": "<"}, {"version_value": "5.0.0", "version_affected": "="}]}, "product_name": "Crowd Data Center"}, {"version": {"version_data": [{"version_value": "4.8.10", "version_affected": "<"}]}, "product_name": "Crucible"}, {"version": {"version_data": [{"version_value": "4.8.10", "version_affected": "<"}]}, "product_name": "Fisheye"}, {"version": {"version_data": [{"version_value": "8.13.22", "version_affected": "<"}, {"version_value": "8.14.0", "version_affected": ">="}, {"version_value": "8.20.10", "version_affected": "<"}, {"version_value": "8.21.0", "version_affected": ">="}, {"version_value": "8.22.4", "version_affected": "<"}]}, "product_name": "Jira Core Server"}, {"version": {"version_data": [{"version_value": "8.13.22", "version_affected": "<"}, {"version_value": "8.14.0", "version_affected": ">="}, {"version_value": "8.20.10", "version_affected": "<"}, {"version_value": "8.21.0", "version_affected": ">="}, {"version_value": "8.22.4", "version_affected": "<"}]}, "product_name": "Jira Software Server"}, {"version": {"version_data": [{"version_value": "8.13.22", "version_affected": "<"}, {"version_value": "8.14.0", "version_affected": ">="}, {"version_value": "8.20.10", "version_affected": "<"}, {"version_value": "8.21.0", "version_affected": ">="}, {"version_value": "8.22.4", "version_affected": "<"}]}, "product_name": "Jira Software Data Center"}, {"version": {"version_data": [{"version_value": "4.13.22", "version_affected": "<"}, {"version_value": "4.14.0", "version_affected": ">="}, {"version_value": "4.20.10", "version_affected": "<"}, {"version_value": "4.21.0", "version_affected": ">="}, {"version_value": "4.22.4", "version_affected": "<"}]}, "product_name": "Jira Service Management Server"}, {"version": {"version_data": [{"version_value": "4.13.22", "version_affected": "<"}, {"version_value": "4.14.0", "version_affected": ">="}, {"version_value": "4.20.10", "version_affected": "<"}, {"version_value": "4.21.0", "version_affected": ">="}, {"version_value": "4.22.4", "version_affected": "<"}]}, "product_name": "Jira Service Management Data Center"}]}, "vendor_name": "Atlassian"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://jira.atlassian.com/browse/BAM-21795", "name": "https://jira.atlassian.com/browse/BAM-21795", "refsource": "MISC"}, {"url": "https://jira.atlassian.com/browse/BSERV-13370", "name": "https://jira.atlassian.com/browse/BSERV-13370", "refsource": "MISC"}, {"url": "https://jira.atlassian.com/browse/CONFSERVER-79476", "name": "https://jira.atlassian.com/browse/CONFSERVER-79476", "refsource": "MISC"}, {"url": "https://jira.atlassian.com/browse/CWD-5815", "name": "https://jira.atlassian.com/browse/CWD-5815", "refsource": "MISC"}, {"url": "https://jira.atlassian.com/browse/FE-7410", "name": "https://jira.atlassian.com/browse/FE-7410", "refsource": "MISC"}, {"url": "https://jira.atlassian.com/browse/CRUC-8541", "name": "https://jira.atlassian.com/browse/CRUC-8541", "refsource": "MISC"}, {"url": "https://jira.atlassian.com/browse/JRASERVER-73897", "name": "https://jira.atlassian.com/browse/JRASERVER-73897", "refsource": "MISC"}, {"url": "https://jira.atlassian.com/browse/JSDSERVER-11863", "name": "https://jira.atlassian.com/browse/JSDSERVER-11863", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)."}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-26136", "STATE": "PUBLIC", "ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2022-07-20T00:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2022-26136", "state": "PUBLISHED", "dateUpdated": "2024-10-03T16:43:16.268Z", "dateReserved": "2022-02-25T00:00:00", "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "datePublished": "2022-07-20T17:25:18.803466Z", "assignerShortName": "atlassian"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*", "matchCriteriaId": "218C960A-04C6-4242-BEBA-C81CF5F1F722", "versionEndExcluding": "7.2.10", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*", "matchCriteriaId": "E360CDE0-FD1E-4337-8268-DB89CF605EE0", "versionEndExcluding": "8.0.9", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0913EE0-2046-4E7E-966D-DC894E34D12B", "versionEndExcluding": "8.1.8", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*", "matchCriteriaId": "D182C1B1-A5FF-4777-9835-4E9114BB68DC", "versionEndExcluding": "8.2.4", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DCD53E4-3169-4E8A-88D1-38BE51D09DD3", "versionEndExcluding": "7.6.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B878E40-95A7-40A7-9C52-6BC0C2FD3F54", "versionEndExcluding": "7.17.8", "versionStartIncluding": "7.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "matchCriteriaId": "46305D5A-7F7B-4A04-9DAD-E582D1193A7E", "versionEndExcluding": "7.19.5", "versionStartIncluding": "7.18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "matchCriteriaId": "A96B135B-9272-457E-A557-6566554262D3", "versionEndExcluding": "7.20.2", "versionStartIncluding": "7.20.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "matchCriteriaId": "62956861-BEDE-40C8-B628-C831087E7BDB", "versionEndExcluding": "7.21.2", "versionStartIncluding": "7.21.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7A85565F-3F80-4E00-A706-AB4B2EAA4AFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "99E2E3C0-CDF0-4D79-80A6-85E71B947ED9", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C543CA6-8E8A-476C-AB27-614DF4EC68A5", "versionEndExcluding": "7.4.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "45FD913B-45DE-4CA8-9733-D62F54B19E74", "versionEndExcluding": "7.13.7", "versionStartIncluding": "7.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "12E753EB-0D31-448B-B8DE-0A95434CC97C", "versionEndExcluding": "7.14.3", "versionStartIncluding": "7.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE114494-74F0-454C-AAC4-8B8E5F1C67D0", "versionEndExcluding": "7.15.2", "versionStartIncluding": "7.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "90BB3572-29ED-415F-AD34-00EB76271F9C", "versionEndExcluding": "7.16.4", "versionStartIncluding": "7.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "30EF756A-B4E9-4E5D-BE6F-02CE95F12C9C", "versionEndExcluding": "7.17.4", "versionStartIncluding": "7.17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "A56B6A10-E23F-49EF-8C07-1AEDFCAE2788", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE8BE634-1599-4790-9410-6CA43BC60C4D", "versionEndExcluding": "7.4.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "52E68DFD-48F5-4949-AFEA-3829CA5DFC04", "versionEndExcluding": "7.13.7", "versionStartIncluding": "7.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DCDEC6C-4515-4CAA-9D82-7BF68A3AAE7E", "versionEndExcluding": "7.14.3", "versionStartIncluding": "7.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9948F94-DF67-4E3C-8CD4-417D57FBC60F", "versionEndExcluding": "7.15.2", "versionStartIncluding": "7.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "30E63ECB-85A8-4D41-A9B5-9FFF18D9CDB1", "versionEndExcluding": "7.16.4", "versionStartIncluding": "7.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "694171BD-FAE2-472C-8183-04BCA2F7B9A7", "versionEndExcluding": "7.17.4", "versionStartIncluding": "7.17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "0AC5E81B-DA4B-45E7-9584-4B576E49FD8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE028964-B3FC-4883-9967-68DE46EE7F6F", "versionEndExcluding": "4.3.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*", "matchCriteriaId": "57DC9E2A-4C89-420D-9330-F11E56BF2F83", "versionEndExcluding": "4.4.2", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C50A718F-C67B-4462-BB7E-F80408DEF07D", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*", "matchCriteriaId": "92329A2E-13E8-4818-85AB-3E7F479411EF", "versionEndExcluding": "4.8.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*", "matchCriteriaId": "30DDE751-CA88-4CFB-9E60-4243851B4B53", "versionEndExcluding": "4.8.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "D91B8507-A7A7-4B74-9999-F1DEA9F487A9", "versionEndExcluding": "8.13.22", "versionStartIncluding": "8.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "963AE427-2897-42CB-AE11-654D700E690B", "versionEndExcluding": "8.20.10", "versionStartIncluding": "8.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7CD8891-BB97-4AD3-BEE4-6CCA0D8A2D85", "versionEndExcluding": "8.22.4", "versionStartIncluding": "8.21.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "E73A5202-6114-48E6-8F9B-C03B2E707055", "versionEndExcluding": "8.13.22", "versionStartIncluding": "8.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D22AB11D-1D73-45DC-803C-146EFED18CDA", "versionEndExcluding": "8.20.10", "versionStartIncluding": "8.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB2091E9-0B14-4786-852F-454C56D20839", "versionEndExcluding": "8.22.4", "versionStartIncluding": "8.21.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:data_center:*:*:*", "matchCriteriaId": "1451C219-8AAA-4165-AE2C-033EF7B6F93A", "versionEndExcluding": "4.13.22", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:server:*:*:*", "matchCriteriaId": "BD23F987-0F14-4938-BB51-4EE61C24EB62", "versionEndExcluding": "4.13.22", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*", "matchCriteriaId": "39F77953-41D7-4398-9F07-2A057A993762", "versionEndExcluding": "4.20.10", "versionStartIncluding": "4.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*", "matchCriteriaId": "CADBE0E7-36D9-4F6F-BEE6-A1E0B9428C2A", "versionEndExcluding": "4.20.10", "versionStartIncluding": "4.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*", "matchCriteriaId": "DC0DB08B-2034-4691-A7B2-3E5F8B6318B1", "versionEndExcluding": "4.22.4", "versionStartIncluding": "4.21.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*", "matchCriteriaId": "97A17BE7-7CCC-46D8-A317-53E2B026DF6E", "versionEndExcluding": "4.22.4", "versionStartIncluding": "4.21.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."}, {"lang": "es", "value": "Una vulnerabilidad en varios productos de Atlassian permite a un atacante remoto no autenticado omitir los filtros Servlet usados por aplicaciones de primera y tercera parte. El impacto depende de los filtros usados por cada aplicaci\u00f3n y de c\u00f3mo son usados los filtros. Esta vulnerabilidad puede resultar en una omisi\u00f3n de la autenticaci\u00f3n y un ataque de tipo cross-site scripting. Atlassian ha publicado actualizaciones que corrigen la causa principal de esta vulnerabilidad, pero no ha enumerado exhaustivamente todas las consecuencias potenciales de esta vulnerabilidad. Est\u00e1n afectadas las versiones de Atlassian Bamboo anteriores a 8.0.9, desde 8.1.0 hasta 8.1.8, y desde la 8.2.0 hasta 8.2.4. Las versiones de Atlassian Bitbucket est\u00e1n afectadas anteriores a 7.6.16, desde la 7.7.0 anteriores a 7.17.8, desde la 7.18.0 anteriores a 7.19.5, desde la 7.20.0 anteriores a 7.20.2, desde la 7.21.0 anteriores a 7.21.2, y las versiones 8.0.0 y 8.1.0. Est\u00e1n afectadas las versiones de Atlassian Confluence anteriores a 7.4.17, desde la 7.5.0 anteriores a 7.13.7, desde la 7.14.0 anteriores a 7.14.3, desde la 7.15.0 anteriores a 7.15.2, desde la 7.16.0 anteriores a 7.16.4, desde la 7.17.0 anteriores a 7.17.4 y la versi\u00f3n 7.21.0. Est\u00e1n afectadas las versiones de Atlassian Crowd anteriores a 4.3.8, desde la 4.4.0 hasta 4.4.2, y la versi\u00f3n 5.0.0. Est\u00e1n afectadas las versiones de Atlassian Fisheye y Crucible anteriores a 4.8.10. Est\u00e1n afectadas las versiones de Atlassian Jira anteriores a 8.13.22, desde la 8.14.0 hasta 8.20.10, y desde la 8.21.0 hasta 8.22.4. Las versiones de Atlassian Jira Service Management est\u00e1n afectadas anteriores a 4.13.22, desde la 4.14.0 anteriores a 4.20.10, y desde la 4.21.0 anteriores a 4.22.4"}], "id": "CVE-2022-26136", "lastModified": "2024-10-03T17:35:00.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-07-20T18:15:08.487", "references": [{"source": "security@atlassian.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/BAM-21795"}, {"source": "security@atlassian.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/BSERV-13370"}, {"source": "security@atlassian.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"}, {"source": "security@atlassian.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/CRUC-8541"}, {"source": "security@atlassian.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/CWD-5815"}, {"source": "security@atlassian.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/FE-7410"}, {"source": "security@atlassian.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-73897"}, {"source": "security@atlassian.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-180"}], "source": "security@atlassian.com", "type": "Secondary"}]}

{}