CVE-2022-26135

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions 8.0.0 through 8.13.21 Atlassian Jira Server and Data Center versions 8.14.0 through 8.20.9 Atlassian Jira Server and Data Center versions 8.21.0 through 8.22.3 Jira Management Server and Data Center versions 4.0.0 through 4.13.21 Jira Management Server and Data Center versions 4.14.0 through 4.20.9 Jira Management Server and Data Center versions 4.21.0 through 4.22.3

Description The issue is related to insufficient request checking on the server side, allowing a remote, authenticated user to perform a full read server-side request forgery via a batch endpoint. This can be exploited to conduct SSRF attacks.

Recommendations For Atlassian Jira Server and Data Center versions 8.0.0 through 8.13.21, update to version 8.13.22 or later. For Atlassian Jira Server and Data Center versions 8.14.0 through 8.20.9, update to version 8.20.10 or later. For Atlassian Jira Server and Data Center versions 8.21.0 through 8.22.3, update to version 8.22.4 or later. For Jira Management Server and Data Center versions 4.0.0 through 4.13.21, update to version 4.13.22 or later. For Jira Management Server and Data Center versions 4.14.0 through 4.20.9, update to version 4.20.10 or later. For Jira Management Server and Data Center versions 4.21.0 through 4.22.3, update to version 4.22.4 or later. As a temporary workaround, consider restricting access to the batch endpoint to minimize the risk of exploitation.