CVE-2022-36800

Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.

PUBLISHED Reserved 2022-07-26 | Published 2022-08-03 | Updated 2024-10-29 | Assigner atlassian

Problem types

Information Disclosure

Product status

References

jira.atlassian.com/browse/JSDSERVER-11900

cve.org (CVE-2022-36800)

nvd.nist.gov (CVE-2022-36800)

Download JSON