Lucene search
AtlassianCVELIST:CVE-2022-36800HistoryAug 03, 2022 - 12:00 a.m.
CVE-2022-36800
2022-08-0300:00:00
atlassian
www.cve.org
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the βBrowse Usersβ permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.
CNA Affected
[
{
"product": "Jira Service Management Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "4.22.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Jira Service Management Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "4.22.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-36800
2022-08-03 03:15:08
atlassian
atlassian
User without "Browse Users" permission can view groups - CVE-2022-36800
2022-07-27 01:53:20
prion
prion
Information disclosure
2022-08-03 03:15:00
nvd
nvd
CVE-2022-36800
2022-08-03 03:15:08