The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JIRAALIGN-4281 |
History
Wed, 02 Oct 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2022-10-14T03:45:15.477564Z
Updated: 2024-10-02T14:23:56.022Z
Reserved: 2022-07-26T00:00:00
Link: CVE-2022-36803
Vulnrichment
Updated: 2024-08-03T10:14:28.492Z
NVD
Status : Modified
Published: 2022-10-14T04:15:13.807
Modified: 2024-11-21T07:13:48.387
Link: CVE-2022-36803
Redhat
No data.