Atlassian · Jira Align · CVE-2022-36802
**Name of the Vulnerable Software and Affected Versions**
Atlassian Jira Align versions prior to 10.109.2
**Description**
The vulnerability is a Server-Side Request Forgery (SSRF) in the ManageJiraConnectors API component of the Jira Align platform. A remote, unauthenticated attacker with Super Admin privileges can exploit it by sending a specially crafted HTTP request, potentially gaining access to internal network resources.
**Recommendations**
For versions prior to 10.109.2, update to version 10.109.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the ManageJiraConnectors API to minimize the risk of exploitation.