Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JSDSERVER-11900 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2022-08-03T02:20:31.107199Z
Updated: 2024-09-17T02:10:43.096Z
Reserved: 2022-07-26T00:00:00
Link: CVE-2022-36800
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-08-03T03:15:08.460
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-36800
Redhat
No data.