Description
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0. Link: https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html
Remediation
References
Related Vulnerabilities
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2009-4030)
WordPress Plugin Events Widgets For Elementor And The Events Calendar Security Bypass (1.4.3)
Liferay Portal Missing Authorization Vulnerability (CVE-2022-38512)
Moodle CVE-2018-10891 Vulnerability (CVE-2018-10891)
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Local File Inclusion (4.18.63)