Atlassian JIRA: Full-Read Server Side Request Forgery in Mobile Plugin for Jira Data Center and Server (CVE-2022-26135)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Jun 30, 2022 | Jul 25, 2022 | Aug 11, 2025 |
Description
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.
Solutions
- atlassian-jira-upgrade-8_13_22
- atlassian-jira-upgrade-8_20_10
- atlassian-jira-upgrade-8_22_4