CVE-2022-0540

CVE Database · CVE-2022-0540

CVE-2022-0540

· CRITICALModified

CVSS v3.1

9.8

EPSS

88.33%

Published

Apr 20, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (2)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-287

Affected Products (12)

atlassian · jira_data_center (up to 8.13.8)vulnerable

atlassian · jira_data_center (up to 8.20.6)vulnerable

atlassian · jira_data_center (up to 8.22.0)vulnerable

atlassian · jira_server (up to 8.13.8)vulnerable

atlassian · jira_server (up to 8.20.6)vulnerable

atlassian · jira_server (up to 8.22.0)vulnerable

atlassian · jira_service_management (up to 4.13.8)vulnerable