CVE-2025-22169

Summary

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expected permission level.

Affected Software

VendorProductVersion RangeStatus
AtlassianJira Align< 11.14.0unaffected
AtlassianJira Align>= 11.14.0affected
AtlassianJira Align>= 11.14.1affected
AtlassianJira Align>= 11.15.0affected
AtlassianJira Align>= 11.15.1affected
AtlassianJira Align>= 11.16.0affected
AtlassianJira Align>= 11.16.1unaffected

Weaknesses

  • Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References