CVE-2022-36803

CVE Database · CVE-2022-36803

CVE-2022-36803

· HIGHModified

CVSS v3.1

8.8

EPSS

0.56%

Published

Oct 14, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-276CWE-276

Affected Products (1)

atlassian · jira_align (up to 10.109.2)vulnerable

References (2)

https://jira.atlassian.com/browse/JIRAALIGN-4281

Permissions RequiredVendor Advisory

https://jira.atlassian.com/browse/JIRAALIGN-4281

Permissions RequiredVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs