Skip to main content

Jira Align

2 CVEs product

Monthly

CVE-2022-36803 HIGH This Week

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Privilege Escalation Jira Align
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-36802 MEDIUM This Month

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Atlassian Jira Align
NVD
CVSS 3.1
4.9
EPSS
0.8%
EPSS 1% CVSS 8.8
HIGH This Week

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Privilege Escalation Jira Align
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Atlassian Jira Align
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy