CVE-2022-36803

8.8HIGH

Key Information

Vendor: Atlassian
Status: Jira Align
Vendor: CVE Published:; 14 October 2022

Summary

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox.

Affected Version(s)

Jira Align < 10.109.2

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Oct 14, 2022
Vulnerability Reserved.
Jul 26, 2022

Collectors

NVD DatabaseMitre Database