CVE-2022-36803

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox.
References
Link Resource
https://jira.atlassian.com/browse/JIRAALIGN-4281 Permissions Required Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:atlassian:jira_align:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-10-14 04:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-36803

Mitre link : CVE-2022-36803

CVE.ORG link : CVE-2022-36803


JSON object : View

Products Affected

atlassian

  • jira_align
CWE
CWE-276

Incorrect Default Permissions