CVE-2022-36800

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.
References
Link Resource
https://jira.atlassian.com/browse/JSDSERVER-11900 Issue Tracking Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*

Information

Published : 2022-08-03 03:15

Updated : 2022-08-09 05:15


NVD link : CVE-2022-36800

Mitre link : CVE-2022-36800

Products Affected
No products.
CWE