HTTP: Atlassian Jira Server and Data Center Mobile Plugin Server-Side Request Forgery

This signature detects attempts to exploit a known vulnerability against Atlassian Jira Server and Data Center's Mobile Plugin. A successful attack can lead to sensitive information disclosure.

Extended Description

A vulnerability in the Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full-read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, and from version 8.21.0 before 8.22.4. It also affects Jira Management Server and Data Center from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10, and from version 4.21.0 before 4.22.4.

Affected Products

Atlassian jira_service_desk

Short Name: HTTP:CTS:JIRA-DC-MBIL-PLGN-SSRF
Severity: Minor
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: Atlassian CVE-2022-26135 Center Data Forgery Jira Mobile Plugin Request Server Server-Side and
Release Date: 07/20/2022
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3693
False Positive: Unknown
Vendors: Atlassian
CVSS Score: 4.0
