PT-2022-4931 · Atlassian · Jira Service Management Server and 6 more products
Published: 2022-02-25 · Updated: 2024-10-03
CVE-2022-26136
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Atlassian Bamboo versions 8.0.0 through 8.0.8
Atlassian Bamboo versions 8.1.0 through 8.1.7
Atlassian Bamboo versions 8.2.0 through 8.2.3
Atlassian Bitbucket versions 7.0.0 through 7.6.15
Atlassian Bitbucket versions 7.7.0 through 7.17.7
Atlassian Bitbucket versions 7.18.0 through 7.19.4
Atlassian Bitbucket versions 7.20.0 through 7.20.1
Atlassian Bitbucket versions 7.21.0 through 7.21.1
Atlassian Bitbucket versions 8.0.0 through 8.1.0
Atlassian Confluence versions 7.0.0 through 7.4.16
Atlassian Confluence versions 7.5.0 through 7.13.6
Atlassian Confluence versions 7.14.0 through 7.14.2
Atlassian Confluence versions 7.15.0 through 7.15.1
Atlassian Confluence versions 7.16.0 through 7.16.3
Atlassian Confluence versions 7.17.0 through 7.17.3
Atlassian Confluence version 7.21.0
Atlassian Crowd versions 4.0.0 through 4.3.7
Atlassian Crowd versions 4.4.0 through 4.4.1
Atlassian Crowd version 5.0.0
Atlassian Fisheye and Crucible versions 4.0.0 through 4.8.9
Atlassian Jira versions 8.0.0 through 8.13.21
Atlassian Jira versions 8.14.0 through 8.20.9
Atlassian Jira versions 8.21.0 through 8.22.3
Atlassian Jira Service Management versions 4.0.0 through 4.13.21
Atlassian Jira Service Management versions 4.14.0 through 4.20.9
Atlassian Jira Service Management versions 4.21.0 through 4.22.3
Description
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first- and third-party apps. The impact depends on which filters each app uses and how it uses them. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all of its potential consequences.
Recommendations
Atlassian Bamboo versions 8.0.0 through 8.0.8: Update to version 8.0.9 or later.
Atlassian Bamboo versions 8.1.0 through 8.1.7: Update to version 8.1.8 or later.
Atlassian Bamboo versions 8.2.0 through 8.2.3: Update to version 8.2.4 or later.
Atlassian Bitbucket versions 7.0.0 through 7.6.15: Update to version 7.6.16 or later.
Atlassian Bitbucket versions 7.7.0 through 7.17.7: Update to version 7.17.8 or later.
Atlassian Bitbucket versions 7.18.0 through 7.19.4: Update to version 7.19.5 or later.
Atlassian Bitbucket versions 7.20.0 through 7.20.1: Update to version 7.20.2 or later.
Atlassian Bitbucket versions 7.21.0 through 7.21.1: Update to version 7.21.2 or later.
Atlassian Bitbucket versions 8.0.0 through 8.1.0: Update to version 8.1.1 or later.
Atlassian Confluence versions 7.0.0 through 7.4.16: Update to version 7.4.17 or later.
Atlassian Confluence versions 7.5.0 through 7.13.6: Update to version 7.13.7 or later.
Atlassian Confluence versions 7.14.0 through 7.14.2: Update to version 7.14.3 or later.
Atlassian Confluence versions 7.15.0 through 7.15.1: Update to version 7.15.2 or later.
Atlassian Confluence versions 7.16.0 through 7.16.3: Update to version 7.16.4 or later.
Atlassian Confluence versions 7.17.0 through 7.17.3: Update to version 7.17.4 or later.
Atlassian Confluence version 7.21.0: Update to version 7.21.1 or later.
Atlassian Crowd versions 4.0.0 through 4.3.7: Update to version 4.3.8 or later.
Atlassian Crowd versions 4.4.0 through 4.4.1: Update to version 4.4.2 or later.
Atlassian Crowd version 5.0.0: Update to version 5.0.1 or later.
Atlassian Fisheye and Crucible versions 4.0.0 through 4.8.9: Update to version 4.8.10 or later.
Atlassian Jira versions 8.0.0 through 8.13.21: Update to version 8.13.22 or later.
Atlassian Jira versions 8.14.0 through 8.20.9: Update to version 8.20.10 or later.
Atlassian Jira versions 8.21.0 through 8.22.3: Update to version 8.22.4 or later.
Atlassian Jira Service Management versions 4.0.0 through 4.13.21: Update to version 4.13.22 or later.
Atlassian Jira Service Management versions 4.14.0 through 4.20.9: Update to version 4.20.10 or later.
Atlassian Jira Service Management versions 4.21.0 through 4.22.3: Update to version 4.22.4 or later.
Fix
Improper Authentication
Related Identifiers
Affected Products
Bamboo
Bitbucket
Confluence
Crowd
Fisheye/Crucible
Jira
Jira Service Management Server