231 matches found

SUSE CVE
added 2023/02/15 4:5 a.m. · 3 views

SUSE CVE-2019-25033

Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...

CVSS 5.3 · AI score 9.6 · EPSS 0.01783
Exploits: 0 · References: 7

BDU FSTEC
added 2023/01/03 12:0 a.m. · 4 views

The vulnerability of the MasterUserEdit application interface of the cloud-based corporate solution for planning and managing Jira Align (formerly AgileCraft) programs and IT projects allows a malicious individual to increase their privileges.

The vulnerability of the MasterUserEdit application interface of the cloud-based corporate solution for planning and managing Jira Align (formerly AgileCraft) programs and IT projects is related to access control errors. Exploiting this vulnerability can allow a malicious actor to increase their...

CVSS 9 · AI score 7.5 · EPSS 0.00555
Exploits: 0 · References: 4 · Affected Software: 1

RedHat Linux
added 2022/11/08 10:8 a.m. · 6 views

unbound: integer overflow in the regional allocator via the ALIGN_UP macro

A flaw was found in unbound. An integer overflow in the regional allocator via the ALIGN_UP macro may lead to a buffer overflow if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability...

CVSS 9.8 · AI score 6 · EPSS 0.01783
Exploits: 0 · References: 4

OSV
added 2022/10/14 4:15 a.m. · 6 views

CVE-2022-36803

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2022/10/14 4:15 a.m. · 24 views

CVE-2022-36802

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...

CVSS 4.9 · EPSS 0.00826
Exploits: 0 · References: 1

NVD
added 2022/10/14 4:15 a.m. · 36 views

CVE-2022-36803

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...

CVSS 8.8 · EPSS 0.00555
Exploits: 0 · References: 1

OSV
added 2022/10/14 4:15 a.m. · 6 views

CVE-2022-36802

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...

CVSS 4.9 · AI score 5.8 · EPSS 0.00826
Exploits: 0 · References: 1

Prion
added 2022/10/14 4:15 a.m. · 23 views

Design/Logic Flaw

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...

CVSS 6.5 · AI score 8.4 · EPSS 0.00555
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2022/10/14 4:15 a.m. · 16 views

Server side request forgery (ssrf)

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...

CVSS 3.3 · AI score 5.2 · EPSS 0.00826
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/10/14 3:45 a.m. · 17 views

CVE-2022-36803

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...

AI score 6.5 · EPSS 0.00555
Exploits: 0 · References: 1

CVE
added 2022/10/14 3:45 a.m. · 72 views

CVE-2022-36803

The CVE-2022-36803 vulnerability affects Atlassian Jira Align Server prior to version 10.109.2, due to improper access control in the MasterUserEdit API. An authenticated attacker with the People role can use MasterUserEdit to elevate any user’s role to Super Admin. The issue is explicitly tied t...

CVSS 8.8 · AI score 8.4 · EPSS 0.00555
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/10/14 3:45 a.m. · 41 views

CVE-2022-36803

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...

AI score 8.7 · EPSS 0.00555
Exploits: 0 · References: 1

CVE
added 2022/10/14 3:45 a.m. · 79 views

CVE-2022-36802

The CVE-2022-36802 issue is an SSRF vulnerability in Atlassian Jira Align’s ManageJiraConnectors API. A remote, unauthenticated attacker with Super Admin privileges can craft an HTTP request to access internal network resources. Affected versions are Jira Align prior to 10.109.2. The published fi...

CVSS 4.9 · AI score 5.2 · EPSS 0.00826
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/10/14 3:45 a.m. · 28 views

CVE-2022-36802

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...

AI score 5.5 · EPSS 0.00826
Exploits: 0 · References: 1

Vulnrichment
added 2022/10/14 3:45 a.m. · 13 views

CVE-2022-36802

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...

AI score 7.1 · EPSS 0.00826
Exploits: 0 · References: 1

Positive Technologies
added 2022/10/14 12:0 a.m. · 4 views

PT-2022-6049 · Atlassian · Jira Align

Name of the Vulnerable Software and Affected Versions: Atlassian Jira Align versions prior to 10.109.2
Description: The issue is related to a Server-Side Request Forgery (SSRF) in the ManageJiraConnectors API component of the Jira Align platform. This can be exploited by a remote, unauthenticated...

CVSS 6.1 · AI score 7.3 · EPSS 0.00826
Exploits: 0 · References: 6

ATTACKERKB
added 2022/08/15 12:0 a.m. · 3 views

CVE-2022-36803

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...

CVSS 8.8 · AI score 5.8 · EPSS 0.00555
Exploits: 0 · References: 2

ATTACKERKB
added 2022/08/12 12:0 a.m. · 2 views

CVE-2022-36802

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...

CVSS 4.9 · AI score 5.8 · EPSS 0.00826
Exploits: 0 · References: 2

Atlassian
added 2022/08/08 9:27 p.m. · 47 views

Jira Align - SSRF in ManageJiraConnectors API - CVE-2022-36802

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a...

CVSS 4.9 · AI score 5.6 · EPSS 0.00826
Exploits: 0

Positive Technologies
added 2022/07/26 12:0 a.m. · 6 views

PT-2022-6074 · Atlassian · Jira Align Server

Name of the Vulnerable Software and Affected Versions: Atlassian Jira Align Server versions prior to 10.109.2
Description: The issue is related to the MasterUserEdit API in Atlassian Jira Align Server, which allows an authenticated attacker with the People role permission to modify any user's rol...

CVSS 9 · AI score 6.8 · EPSS 0.00555
Exploits: 0 · References: 7