Description
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.
Related CPEs
a
atlassian
jira_service_management
2
References
https://jira.atlassian.com/browse/JSDSERVER-11900
Issue Tracking, Vendor Advisory
Weaknesses
Primary
NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0
Secondary
CWE-732
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 · Medium
Information
Source identifier
Vulnerability status
Modified
Published
2022-08-03T01:15:08.460Z
3 years ago
Last modified
2024-11-21T06:13:47.177Z
1 year ago