PT-2022-6074 · Atlassian · Jira Align Server

Jacob Shafer · Published 2022-07-26 · Updated 2024-10-02 · CVE-2022-36803

CVSS v2.0

9.0 (High)

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Atlassian Jira Align Server, versions prior to 10.109.2

Description

The MasterUserEdit API in Atlassian Jira Align Server allows an authenticated attacker who holds the People role to change any user's role, including their own, to Super Admin. The root cause is an incorrect default permission: the People role is allowed to call the API, and the API accepts role assignments from such callers without verifying that the caller is entitled to grant the requested role, so the access-control decision is made only at the endpoint level and not on the value being set. The vulnerability was reported by Jacob Shafer of Bishop Fox.

Recommendations

Update to version 10.109.2 or later. If the update must wait, restrict access to the MasterUserEdit API as a temporary workaround and keep the number of accounts holding the People role to a minimum. After updating, review the list of Super Admin accounts and the audit trail for role changes that cannot be explained: a role granted through this flaw before the fix is not reverted by installing it.

Fix

Update to Jira Align Server 10.109.2 or later (see Recommendations above).

Weakness Enumeration

Incorrect Default Permissions (CWE-276)

Related Identifiers

BDU:2023-00009
CVE-2022-36803

Affected Products

Jira Align Server