Authorization Issue in Jira Align Affects Sensitive Data Access by Low-Privilege Users
CVE-2025-22178

5.3MEDIUM

Key Information:

Vendor: Atlassian
Status: Jira Align
Vendor: CVE Published:; 22 October 2025

What is CVE-2025-22178?

Jira Align has a vulnerability that allows low-privilege users to access restricted endpoints, potentially exposing sensitive information. For instance, users with minimal permissions can view confidential data displayed on the 'Why' page, which poses a risk to data integrity and confidentiality. This issue highlights the importance of robust access controls in securing sensitive information within applications.

Affected Version(s)

Jira Align >= 11.14.0 < 11.14.0

Jira Align >= 11.14.1 >= 11.14.1

Jira Align >= 11.15.0 >= 11.15.0

References

https://jira.atlassian.com/browse/JIRAALIGN-8647

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Oct 22, 2025
Vulnerability Reserved
Jan 1, 2025

Credit

Frank Lycops, NATO Cyber Security Centre

JSON

Atlassian

What is CVE-2025-22178?

Affected Version(s)

References

CVSS V4

Timeline

Credit