CVE-2022-36800 - OpenCVE

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Atlassian	Jira Service Management

Configuration 1 [-]

OR	cpe:2.3:a:atlassian:jira_service_management:::::data_center:::*
	cpe:2.3:a:atlassian:jira_service_management:::::server:::*

No data.

References

Link	Providers
https://jira.atlassian.com/browse/JSDSERVER-11900

History

No history.

MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2022-08-03T02:20:31.107199Z

Updated: 2024-09-17T02:10:43.096Z

Reserved: 2022-07-26T00:00:00

Link: CVE-2022-36800

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-03T03:15:08.460

Modified: 2023-08-08T14:22:24.967

Link: CVE-2022-36800

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Jira Service Management Server", "vendor": "Atlassian", "versions": [{"lessThan": "4.22.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Jira Service Management Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "4.22.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-08-03T00:00:00", "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the \"Browse Users\" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-03T02:20:31", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/JSDSERVER-11900"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2022-08-03T00:00:00", "ID": "CVE-2022-36800", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jira Service Management Server", "version": {"version_data": [{"version_affected": "<", "version_value": "4.22.2"}]}}, {"product_name": "Jira Service Management Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "4.22.2"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the \"Browse Users\" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/JSDSERVER-11900", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/JSDSERVER-11900"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:14:28.408Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/JSDSERVER-11900"}]}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2022-36800", "datePublished": "2022-08-03T02:20:31.107199Z", "dateReserved": "2022-07-26T00:00:00", "dateUpdated": "2024-09-17T02:10:43.096Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}