CVE-2022-26135
Description
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, and from version 8.21.0 before 8.22.4. This also affects Jira Service Management Server and Data Center from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10, and from version 4.21.0 before 4.22.4.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
89.286
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Atlassian Jira Core Data Center 8.20.3 | Windows |
| Multiple Vulnerabilities are affected in Atlassian Jira Core Data Center 8.21.0 | Windows |
| Vulnerabilities CVE-2022-26135,CVE-2022-26136,CVE-2022-26137 are affected in Atlassian Jira Core Data Center 8.13.15 | Windows |
| Vulnerabilities CVE-2019-13990,CVE-2022-26135,CVE-2022-26136,CVE-2022-26137 are affected in Atlassian Jira Service Management Data Center 4.20.9 | Windows |
| Vulnerabilities CVE-2019-13990,CVE-2022-26135,CVE-2022-26136,CVE-2022-26137 are affected in Atlassian Jira Service Management Data Center 4.22.3 | Windows |
| Vulnerabilities CVE-2019-13990,CVE-2022-26135,CVE-2022-26136,CVE-2022-26137 are affected in Atlassian Jira Service Management Server 4.20.9 | Windows |
| Vulnerabilities CVE-2019-13990,CVE-2022-26135,CVE-2022-26136,CVE-2022-26137 are affected in Atlassian Jira Service Management Server 4.22.3 | Windows |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234