CVE-2022-36800

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
atlassianCNA
---
---
CVEADP
---
---
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
atlassianjira_service_management
𝑥
< 4.22.2
atlassianjira_service_management
𝑥
< 4.22.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jira.atlassian.com/browse/JSDSERVER-11900
https://jira.atlassian.com/browse/JSDSERVER-11900