Remote Authentication Bypass Vulnerability in Atlassian Products
CVE-2022-26136

9.8 CRITICAL

Key Information:

Vendor: Atlassian
CVE Published: 20 July 2022

Summary

A vulnerability affecting various Atlassian products allows an unauthenticated remote attacker to bypass Servlet Filters used by both first- and third-party applications. The impact depends on which filters each application uses, and can include authentication bypass and cross-site scripting (XSS). Atlassian has released updates that address the root cause, but the full implications of this vulnerability may not have been disclosed, which makes applying the latest security updates important.

Affected Version(s)

Bamboo Data Center < 8.0.9

Bamboo Data Center 8.1.0

Bamboo Data Center < 8.1.8

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
