228 matches found
CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...
CVE-2022-36802
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...
CVE-2022-36802
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...
CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...
Server side request forgery (ssrf)
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...
Design/Logic Flaw
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...
CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...
CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...
CVE-2022-36803
The CVE-2022-36803 vulnerability affects Atlassian Jira Align Server prior to version 10.109.2, due to improper access control in the MasterUserEdit API. An authenticated attacker with the People role can use MasterUserEdit to elevate any user’s role to Super Admin. The issue is explicitly tied t...
CVE-2022-36802
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...
CVE-2022-36802
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...
CVE-2022-36802
The CVE-2022-36802 issue is an SSRF vulnerability in Atlassian Jira Align’s ManageJiraConnectors API. A remote, unauthenticated attacker with Super Admin privileges can craft an HTTP request to access internal network resources. Affected versions are Jira Align prior to 10.109.2. The published fi...
PT-2022-6049 · Atlassian · Jira Align
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Align versions prior to 10.109.2 Description: The issue is related to a Server-Side Request Forgery SSRF in the ManageJiraConnectors API component of the Jira Align platform. This can be exploited by a remote, unauthenticated...
CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...
CVE-2022-36802
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...
Jira Align - SSRF in ManageJiraConnectors API - CVE-2022-36802
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...
PT-2022-6074 · Atlassian · Jira Align Server
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Align Server versions prior to 10.109.2 Description: The issue is related to the MasterUserEdit API in Atlassian Jira Align Server, which allows an authenticated attacker with the People role permission to modify any user's rol...
Jira Align - Improper Authorization in MasterUserEdit API - CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align before version 10.109.2 allows an authenticated attacker with the People role permission can use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox. Affected versions: versi...
DEBIAN-CVE-2019-25033
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGNUP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...
UBUNTU-CVE-2019-25033
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGNUP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...