Authorization Flaw in Jira Align by Atlassian
CVE-2025-22168

5.3MEDIUM

Key Information:

Vendor

Atlassian
Status
Jira Align
Vendor
CVE Published:
22 October 2025

What is CVE-2025-22168?

Jira Align possesses an authorization flaw that enables low-privilege users to gain access to restricted endpoints, potentially exposing sensitive information. This security weakness allows such users to view private checklists belonging to others, raising significant concerns about data privacy and integrity within the application.

Affected Version(s)

Jira Align >= 11.14.0 < 11.14.0

Jira Align >= 11.14.1 >= 11.14.1

Jira Align >= 11.15.0 >= 11.15.0

References

https://jira.atlassian.com/browse/JIRAALIGN-8637

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Frank Lycops, NATO Cyber Security Centre
JSON
.
CVE-2025-22168 : Authorization Flaw in Jira Align by Atlassian