Description
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Atlassian / Jira Core Serverunspecified β 8.13.18
- Atlassian / Jira Core Server8.14.0 β unspecified
- Atlassian / Jira Core Serverunspecified β 8.20.6
- Atlassian / Jira Core Server8.21.0 β unspecified
- Atlassian / Jira Core Serverunspecified β 8.22.0
- Atlassian / Jira Service Management Data Centerunspecified β 4.22.0
- Atlassian / Jira Service Management Data Centerunspecified β 4.13.18
- Atlassian / Jira Service Management Data Center4.14.0 β unspecified
- Atlassian / Jira Service Management Data Centerunspecified β 4.20.6
- Atlassian / Jira Service Management Data Center4.21.0 β unspecified
- Atlassian / Jira Service Management Serverunspecified β 4.13.18
- Atlassian / Jira Service Management Server4.14.0 β unspecified
- Atlassian / Jira Service Management Serverunspecified β 4.20.6
- Atlassian / Jira Service Management Server4.21.0 β unspecified
- Atlassian / Jira Service Management Serverunspecified β 4.22.0
- Atlassian / Jira Software Data Centerunspecified β 8.13.18
- Atlassian / Jira Software Data Center8.14.0 β unspecified
- Atlassian / Jira Software Data Centerunspecified β 8.20.6
- Atlassian / Jira Software Data Center8.21.0 β unspecified
- Atlassian / Jira Software Data Centerunspecified β 8.22.0
- Atlassian / Jira Software Serverunspecified β 8.13.18
- Atlassian / Jira Software Server8.14.0 β unspecified
- Atlassian / Jira Software Serverunspecified β 8.20.6
- Atlassian / Jira Software Server8.21.0 β unspecified
- Atlassian / Jira Software Serverunspecified β 8.22.0
Exploits & PoCs
- nucleiAtlassian Jira Seraph - Authentication Bypassby DhiyaneshDK