CVE-2022-26136
Published: Jul 20, 2022
Modified: Oct 3, 2024
Description
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability.

Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.

| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Bamboo Server | affected unspecified - < 8.0.9; affected 8.1.0 - < unspecified; affected unspecified - < 8.1.8; affected 8.2.0 - < unspecified; affected unspecified - < 8.2.4 |
| Atlassian | Bamboo Data Center | affected unspecified - < 8.0.9; affected 8.1.0 - < unspecified; affected unspecified - < 8.1.8; affected 8.2.0 - < unspecified; affected unspecified - < 8.2.4 |
| Atlassian | Bitbucket Server | affected unspecified - < 7.6.16; affected 7.7.0 - < unspecified; affected 7.16.0 - < unspecified; affected unspecified - < 7.17.8; affected 7.18.0 - < unspecified; +7 more versions |
| Atlassian | Bitbucket Data Center | affected unspecified - < 7.6.16; affected 7.7.0 - < unspecified; affected 7.16.0 - < unspecified; affected unspecified - < 7.17.8; affected 7.18.0 - < unspecified; +7 more versions |
| Atlassian | Confluence Server | affected unspecified - < 7.4.17; affected 7.5.0 - < unspecified; affected unspecified - < 7.13.7; affected 7.14.0 - < unspecified; affected unspecified - < 7.14.3; +7 more versions |
| Atlassian | Confluence Data Center | affected unspecified - < 7.4.17; affected 7.5.0 - < unspecified; affected unspecified - < 7.13.7; affected 7.14.0 - < unspecified; affected unspecified - < 7.14.3; +7 more versions |
| Atlassian | Crowd Server | affected unspecified - < 4.3.8; affected 4.4.0 - < unspecified; affected unspecified - < 4.4.2; affected 5.0.0 |
| Atlassian | Crowd Data Center | affected unspecified - < 4.3.8; affected 4.4.0 - < unspecified; affected unspecified - < 4.4.2; affected 5.0.0 |
| Atlassian | Crucible | affected unspecified - < 4.8.10 |
| Atlassian | Fisheye | affected unspecified - < 4.8.10 |
| Atlassian | Jira Core Server | affected unspecified - < 8.13.22; affected 8.14.0 - < unspecified; affected unspecified - < 8.20.10; affected 8.21.0 - < unspecified; affected unspecified - < 8.22.4 |
| Atlassian | Jira Software Server | affected unspecified - < 8.13.22; affected 8.14.0 - < unspecified; affected unspecified - < 8.20.10; affected 8.21.0 - < unspecified; affected unspecified - < 8.22.4 |
| Atlassian | Jira Software Data Center | affected unspecified - < 8.13.22; affected 8.14.0 - < unspecified; affected unspecified - < 8.20.10; affected 8.21.0 - < unspecified; affected unspecified - < 8.22.4 |
| Atlassian | Jira Service Management Server | affected unspecified - < 4.13.22; affected 4.14.0 - < unspecified; affected unspecified - < 4.20.10; affected 4.21.0 - < unspecified; affected unspecified - < 4.22.4 |
| Atlassian | Jira Service Management Data Center | affected unspecified - < 4.13.22; affected 4.14.0 - < unspecified; affected unspecified - < 4.20.10; affected 4.21.0 - < unspecified; affected unspecified - < 4.22.4 |

Weaknesses (CWE)
References