The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JIRAALIGN-4326 |
History
Wed, 02 Oct 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2022-10-14T03:45:14.385390Z
Updated: 2024-10-29T15:19:34.058Z
Reserved: 2022-07-26T00:00:00
Link: CVE-2022-36802
Vulnrichment
Updated: 2024-08-03T10:14:28.397Z
NVD
Status : Modified
Published: 2022-10-14T04:15:13.703
Modified: 2024-10-29T16:35:04.083
Link: CVE-2022-36802
Redhat
No data.