Headline
CVE-2022-36802
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request.
Related news
Jira Align flaws enabled malicious users to gain super admin privileges – and potentially worse
Lateral or upwards movement beyond the instance was theoretically possible, concludes researcher
Jira Align flaws enabled malicious users to gain super admin privileges
Super admins can, among other things, modify Jira connections, reset user accounts, and modify security settings