PT-2022-2325 · Atlassian · Jira Service Management Server, Jira, Jira Seraph

Khoadha

·

Published

2022-04-20

·

Updated

2026-03-10

·

CVE-2022-0540

CVSS v3.1

9.8

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Atlassian Jira Server and Data Center versions prior to 8.13.18
Atlassian Jira Server and Data Center versions 8.14.0 and later, prior to 8.20.6
Atlassian Jira Server and Data Center versions 8.21.0 and later, prior to 8.22.0
Atlassian Jira Service Management Server and Data Center versions prior to 4.13.18
Atlassian Jira Service Management Server and Data Center versions 4.14.0 and later, prior to 4.20.6
Atlassian Jira Service Management Server and Data Center versions 4.21.0 and later, prior to 4.22.0
Description A vulnerability in Jira Seraph, the web authentication framework Jira and Jira Service Management use, allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. The root cause is a deficiency in the authentication procedure: Seraph can be made to pass a request through to a web action or servlet filter that should have required an authenticated user. Because the exposure depends on how an app declares its authentication requirements, first-party and third-party apps running on Jira can be affected, not only Jira itself. Successful exploitation gives the attacker access to functionality reserved for authenticated users, which may allow them to elevate their privileges. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations For Atlassian Jira Server and Data Center versions prior to 8.13.18, update to version 8.13.18 or later. For Atlassian Jira Server and Data Center versions 8.14.0 and later, prior to 8.20.6, update to version 8.20.6 or later. For Atlassian Jira Server and Data Center versions 8.21.0 and later, prior to 8.22.0, update to version 8.22.0 or later. For Atlassian Jira Service Management Server and Data Center versions prior to 4.13.18, update to version 4.13.18 or later. For Atlassian Jira Service Management Server and Data Center versions 4.14.0 and later, prior to 4.20.6, update to version 4.20.6 or later. For Atlassian Jira Service Management Server and Data Center versions 4.21.0 and later, prior to 4.22.0, update to version 4.22.0 or later. If Jira itself cannot be updated, update the affected first-party and third-party apps to the versions in which their authors fixed the issue, or disable those apps (or restrict access to them) until a fixed version is available.
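Version checking is the first thing a practitioner wants here, and the ranges above are easy to get wrong by hand (8.13.18 is fixed but 8.14.0 is not). The following is an added example, not part of this advisory and not Atlassian's code: it encodes the fixed builds listed above and classifies a version string, and it evaluates the JSON body of Jira's `/rest/api/2/serverInfo` endpoint. It assumes that endpoint is reachable and answers without authentication (the Jira default) and that its `version` field carries the Jira platform version; the sample response embedded in the block is constructed, not captured from a real host.

```python
"""Offline version check for CVE-2022-0540 (Jira Seraph authentication bypass).

Fixed builds are those given in the advisory above. On each maintenance
branch everything below the fix build is affected; everything at or past
the newest fix (8.22.0 / 4.22.0) is fixed.
"""
import json
import re
import urllib.request

# Fixed builds per product, ascending. The advisory's affected ranges are
# exactly the gaps between them: <8.13.18, 8.14.0..<8.20.6, 8.21.0..<8.22.0.
FIXED_VERSIONS = {
    "jira": [(8, 13, 18), (8, 20, 6), (8, 22, 0)],  # Jira Server / Data Center
    "jsm": [(4, 13, 18), (4, 20, 6), (4, 22, 0)],   # Jira Service Management Server / DC
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """'8.20.5' -> (8, 20, 5); '8.22' -> (8, 22, 0).
    Anything after the numeric prefix (e.g. '-rc1') is ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    return tuple(int(x) if x is not None else 0 for x in m.groups())


def is_affected(product, version):
    """True if `version` of `product` falls inside an affected range."""
    v = parse_version(version)
    fixes = FIXED_VERSIONS[product]
    if v >= fixes[-1]:
        return False  # at or past the newest fix: every later release is patched
    for branch_fix in fixes[:-1]:
        # Same major.minor branch and at/after its fix build -> fixed.
        if v[:2] == branch_fix[:2] and v >= branch_fix:
            return False
    return True


def recommended_fix(product, version):
    """Lowest fixed build above `version`, or None if already fixed.
    Mirrors the advisory: 8.15.x has no fix of its own, so it goes to 8.20.6."""
    if not is_affected(product, version):
        return None
    v = parse_version(version)
    target = next(f for f in FIXED_VERSIONS[product] if f > v)
    return "%d.%d.%d" % target


def assess_server_info(json_text, product="jira"):
    """Classify the JSON body of GET /rest/api/2/serverInfo.
    Assumption: the 'version' field is the Jira platform version."""
    info = json.loads(json_text)
    version = info["version"]
    return {
        "version": version,
        "deployment": info.get("deploymentType"),
        "affected": is_affected(product, version),
        "update_to": recommended_fix(product, version),
    }


def fetch_server_info(base_url, timeout=10):
    """Fetch serverInfo from a live instance (hypothetical helper; the
    offline demo below does not call it)."""
    url = base_url.rstrip("/") + "/rest/api/2/serverInfo"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed sample response; not captured from a real host.
SAMPLE_SERVER_INFO = json.dumps({
    "baseUrl": "https://jira.example.internal",
    "version": "8.20.5",
    "versionNumbers": [8, 20, 5],
    "deploymentType": "DataCenter",
    "serverTitle": "Example Jira",
})

if __name__ == "__main__":
    print(assess_server_info(SAMPLE_SERVER_INFO))
```

The `jsm` table is for the Jira Service Management app version (4.x), which `serverInfo` does not report; take that from the app manager and pass it with `product="jsm"`. A version on a fixed maintenance branch (8.13.18 and later 8.13.x builds) is correctly reported as not affected even though it is numerically below 8.14.0.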

Weakness Enumeration

CWE-287: Improper Authentication

Related Identifiers

BDU:2022-02565
CVE-2022-0540

Affected Products

Jira
Jira Seraph
Jira Service Management Server