CVE-2022-26137

20.07.2022, 18:15

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victims permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
atlassian	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Vendor	Product	Version
atlassian	bamboo	7.2.0 ≤ 𝑥 < 7.2.10
atlassian	bamboo	8.0.0 ≤ 𝑥 < 8.0.9
atlassian	bamboo	8.1.0 ≤ 𝑥 < 8.1.8
atlassian	bamboo	8.2.0 ≤ 𝑥 < 8.2.4
atlassian	bitbucket	𝑥 < 7.6.16
atlassian	bitbucket	7.7.0 ≤ 𝑥 < 7.17.8
atlassian	bitbucket	7.18.0 ≤ 𝑥 < 7.19.5
atlassian	bitbucket	7.20.0 ≤ 𝑥 < 7.20.2
atlassian	bitbucket	7.21.0 ≤ 𝑥 < 7.21.2
atlassian	bitbucket	8.0.0
atlassian	bitbucket	8.1.0
atlassian	confluence_data_center	𝑥 < 7.4.17
atlassian	confluence_data_center	7.5.0 ≤ 𝑥 < 7.13.7
atlassian	confluence_data_center	7.14.0 ≤ 𝑥 < 7.14.3
atlassian	confluence_data_center	7.15.0 ≤ 𝑥 < 7.15.2
atlassian	confluence_data_center	7.16.0 ≤ 𝑥 < 7.16.4
atlassian	confluence_data_center	7.17.0 ≤ 𝑥 < 7.17.4
atlassian	confluence_data_center	7.18.0
atlassian	confluence_server	𝑥 < 7.4.17
atlassian	confluence_server	7.5.0 ≤ 𝑥 < 7.13.7
atlassian	confluence_server	7.14.0 ≤ 𝑥 < 7.14.3
atlassian	confluence_server	7.15.0 ≤ 𝑥 < 7.15.2
atlassian	confluence_server	7.16.0 ≤ 𝑥 < 7.16.4
atlassian	confluence_server	7.17.0 ≤ 𝑥 < 7.17.4
atlassian	confluence_server	7.18.0
atlassian	crowd	𝑥 < 4.3.8
atlassian	crowd	4.4.0 ≤ 𝑥 < 4.4.2
atlassian	crowd	5.0.0
atlassian	crucible	𝑥 < 4.8.10
atlassian	fisheye	𝑥 < 4.8.10
atlassian	jira_data_center	8.13.0 ≤ 𝑥 < 8.13.22
atlassian	jira_data_center	8.14.0 ≤ 𝑥 < 8.20.10
atlassian	jira_data_center	8.21.0 ≤ 𝑥 < 8.22.4
atlassian	jira_server	8.13.0 ≤ 𝑥 < 8.13.22
atlassian	jira_server	8.14.0 ≤ 𝑥 < 8.20.10
atlassian	jira_server	8.21.0 ≤ 𝑥 < 8.22.4
atlassian	jira_service_desk	𝑥 < 4.13.22
atlassian	jira_service_desk	𝑥 < 4.13.22
atlassian	jira_service_management	4.14.0 ≤ 𝑥 < 4.20.10
atlassian	jira_service_management	4.14.0 ≤ 𝑥 < 4.20.10
atlassian	jira_service_management	4.21.0 ≤ 𝑥 < 4.22.4
atlassian	jira_service_management	4.21.0 ≤ 𝑥 < 4.22.4