CVE-2022-0540

Summary

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.

Affected Software

VendorProductVersion RangeStatus
AtlassianJira Core Serverunspecified < 8.13.18affected
AtlassianJira Core Server8.14.0 < unspecifiedaffected
AtlassianJira Core Serverunspecified < 8.20.6affected
AtlassianJira Core Server8.21.0 < unspecifiedaffected
AtlassianJira Core Serverunspecified < 8.22.0affected
AtlassianJira Software Serverunspecified < 8.13.18affected
AtlassianJira Software Server8.14.0 < unspecifiedaffected
AtlassianJira Software Serverunspecified < 8.20.6affected
AtlassianJira Software Server8.21.0 < unspecifiedaffected
AtlassianJira Software Serverunspecified < 8.22.0affected
AtlassianJira Software Data Centerunspecified < 8.13.18affected
AtlassianJira Software Data Center8.14.0 < unspecifiedaffected
AtlassianJira Software Data Centerunspecified < 8.20.6affected
AtlassianJira Software Data Center8.21.0 < unspecifiedaffected
AtlassianJira Software Data Centerunspecified < 8.22.0affected
AtlassianJira Service Management Serverunspecified < 4.13.18affected
AtlassianJira Service Management Server4.14.0 < unspecifiedaffected
AtlassianJira Service Management Serverunspecified < 4.20.6affected
AtlassianJira Service Management Server4.21.0 < unspecifiedaffected
AtlassianJira Service Management Serverunspecified < 4.22.0affected
AtlassianJira Service Management Data Centerunspecified < 4.13.18affected
AtlassianJira Service Management Data Center4.14.0 < unspecifiedaffected
AtlassianJira Service Management Data Centerunspecified < 4.20.6affected
AtlassianJira Service Management Data Center4.21.0 < unspecifiedaffected
AtlassianJira Service Management Data Centerunspecified < 4.22.0affected

Weaknesses

  • Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References