PT-2022-6049 · Atlassian · Jira Align

Jacob Shafer · Published 2022-10-14 · Updated 2024-10-29 · CVE-2022-36802

CVSS v2.0: 6.1 (Medium), Vector AV:N/AC:L/Au:M/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Align versions prior to 10.109.2
Description: Server-Side Request Forgery (SSRF) in the ManageJiraConnectors API component of the Jira Align platform. A remote attacker who holds Super Admin privileges (the Au:M component of the CVSS vector above reflects this authentication requirement) can send a specially crafted HTTP request that makes the Jira Align server issue an outbound request to a destination of the attacker's choosing, potentially reaching internal network resources that are not exposed to the attacker directly.
Recommendations: For versions prior to 10.109.2, update to version 10.109.2 or later to resolve the issue. As a temporary workaround until the upgrade is done, restrict access to the ManageJiraConnectors API to the small set of accounts that legitimately administer Jira connectors, so that fewer principals can reach the vulnerable endpoint.
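The advisory does not publish Jira Align's code or the exact request, so the following is an added illustration rather than the vendor's fix: it shows the destination check a connector-management endpoint of this kind needs before it fetches a user-supplied Jira base URL, which is the class of control whose absence produces an SSRF like the one described. The function names, the `FAKE_DNS` answers and the sample public address are assumptions made for this example; the resolver is injected so the block runs without network access.

```python
"""Hypothetical outbound-URL validation for a connector endpoint (added
example, not Jira Align code). The idea: before the server fetches a
user-supplied URL, reject schemes other than http(s) and any destination
that resolves to an internal, loopback, link-local or otherwise
non-routable address, checking every DNS answer, not just the first."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_internal_address(addr: str) -> bool:
    """True if addr is something an SSRF could reach but a Jira connector
    never legitimately targets: loopback, RFC 1918, link-local (which
    covers the 169.254.169.254 cloud metadata service), multicast,
    reserved or unspecified ranges. IPv4-mapped IPv6 is unwrapped first so
    ::ffff:127.0.0.1 is judged as 127.0.0.1."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def system_resolver(host: str) -> list[str]:
    """Default resolver using the OS stack; returns every A/AAAA answer."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def validate_connector_url(url: str, resolver=system_resolver):
    """Return (ok, detail): detail is the rejection reason, or the list of
    resolved addresses that were checked when the URL is accepted. The
    caller should connect to one of those returned addresses rather than
    re-resolving the hostname, so a later DNS answer cannot swap in an
    internal target after the check has passed."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    # A literal IP needs no lookup; a hostname is resolved and every
    # answer is checked, because a mixed public/private answer set is the
    # usual way to slip an internal address past a first-answer-only check.
    try:
        ipaddress.ip_address(host)
        addresses = [host]
    except ValueError:
        addresses = resolver(host)
    if not addresses:
        return False, f"host {host!r} does not resolve"
    for addr in addresses:
        if is_internal_address(addr):
            return False, f"{host!r} resolves to internal address {addr}"
    return True, addresses


# Constructed DNS answers (assumed for this example) so it runs offline;
# 93.184.216.34 stands in for an ordinary public address.
FAKE_DNS = {
    "jira.example.com": ["93.184.216.34"],
    "intranet-jira.corp": ["10.0.0.5"],
    "rebind.example.net": ["93.184.216.34", "127.0.0.1"],
}


def fake_resolver(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for candidate in [
        "https://jira.example.com/rest/api/2/",
        "http://127.0.0.1:8080/",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "https://intranet-jira.corp/",
        "https://rebind.example.net/",
        "ftp://jira.example.com/",
    ]:
        print(candidate, "->", validate_connector_url(candidate, fake_resolver))
```

Two caveats a practitioner will want: the check has to run inside the server before every outbound fetch (a client-side or one-time-at-save check is bypassable), and redirects returned by the first hop must be re-validated with the same function, otherwise a public host can simply 302 the server to an internal one.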

Fix

Weakness Enumeration

SSRF

Related Identifiers

BDU:2022-07513
CVE-2022-36802

Affected Products

Jira Align