CVE-2025-22174

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view portfolio rooms without the required permission...

CVE-2025-22171

Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users...

CVE-2025-22174

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view portfolio rooms without the required permission...

CVE-2025-22170

Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could if they included a particular state-related parameter of a user with sufficient privileges to perform the action...

CVE-2025-22173

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view certain sprint data without the required permission...

CVE-2025-22169

CVE-2025-22169 affects Atlassian Jira Align. Multiple connected sources describe an authorization flaw where a low-privilege user can access endpoints that disclose limited sensitive information, including subscribing to an item/object without the expected permissions. This once again confirms an...

CVE-2025-22173

CVE-2025-22173 : Jira Align is affected by an authorization flaw that allows a low-privilege user to access certain endpoints and disclose a small amount of sensitive information (e.g., viewing sprint data without required permission). Multiple sources (NVD, Red Hat, CVE records) corroborate an a...

CVE-2025-22169

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expected permission level...

CVE-2025-22169

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expected permission level...

CVE-2025-22178

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view items on the "Why" page...

CVE-2025-22173

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view certain sprint data without the required permission...

EUVD-2025-35600

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view certain sprint data without the required permission...

CVE-2025-22178

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view items on the "Why" page...

CVE-2025-22174

CVE-2025-22174 describes an authorization issue in Atlassian Jira Align where a low-privilege user can access endpoints that disclose a small amount of sensitive information. The provided documents consistently cite that a low-level user could view portfolio rooms without the required permission,...

CVE-2025-22170

Summary: Jira Align has an authorization vulnerability where a low-privilege user could abuse a state-related parameter from a higher-privileged user to perform restricted actions. This is described in multiple sources (NVD/Red Hat/CVE records) without detailed root-cause or affected version info...

CVE-2025-22170

Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could if they included a particular state-related parameter of a user with sufficient privileges to perform the action...

EUVD-2025-35601

Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could if they included a particular state-related parameter of a user with sufficient privileges to perform the action...

EUVD-2025-35602

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view portfolio rooms without the required permission...

CVE-2025-22172

CVE-2025-22172 affects Atlassian Jira Align. The issue is an authorization flaw that lets a low-privilege user access unexpected endpoints and disclose a small amount of sensitive information, exemplified by reading external reports without required permission. The description and connected sourc...

CVE-2025-22172

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read external reports without the required permission...