Vulnerability Description
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Jira Data Center | < 8.13.8 |
| Atlassian | Jira Server | < 8.13.8 |
| Atlassian | Jira Service Management | < 4.13.8 |
Related Weaknesses (CWE)
References
- https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20 (Issue Tracking, Patch, Vendor Advisory)
- https://jira.atlassian.com/browse/JRASERVER-73650 (Issue Tracking, Patch, Vendor Advisory)
- https://jira.atlassian.com/browse/JSDSERVER-11224 (Issue Tracking, Patch, Vendor Advisory)
FAQ
What is CVE-2022-0540?
CVE-2022-0540 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versio...
How severe is CVE-2022-0540?
CVE-2022-0540 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-0540?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Jira Data Center, Atlassian Jira Server, Atlassian Jira Service Management.