Reflected Cross-Site Scripting Vulnerability in Atlassian Jira Server and Data Center
CVE-2022-36801

6.1MEDIUM

Key Information:

Vendor: Atlassian
Status: Jira Server; Jira Data Center
Vendor: CVE Published:; 10 August 2022

What is CVE-2022-36801?

A serious vulnerability in Atlassian Jira Server and Data Center allows unauthorized attackers to exploit the TeamManagement.jspa endpoint, enabling the injection of arbitrary HTML or JavaScript. This flaw can facilitate a range of attacks, potentially compromising user data and application integrity. Affected users should upgrade to versions 8.20.8 or later to secure their systems against this risk.

Affected Version(s)

Jira Data Center < 8.20.8

Jira Server < 8.20.8

References

https://jira.atlassian.com/browse/JRASERVER-73740

x_refsource_MISC

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2022
Vulnerability Reserved
Jul 26, 2022