{"cve":{"cve_id":"CVE-2022-26135","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.71169,"epss_percentile":0.99326,"epss_as_of":"2026-06-23","description":"A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.","published_at":"2022-06-30T05:20:15.269000Z","last_modified_at":null,"cvss_v3_score":6.5,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-918"],"nvd_references":["https://jira.atlassian.com/browse/JRASERVER-73863","https://jira.atlassian.com/browse/JSDSERVER-11840","https://confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:01:26.728167Z"},"effective_severity":"MEDIUM","badges":["epss"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-core-server","product_name":"Jira Core Server","version_start":"8.0.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-core-server:8.0.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-core-server","product_name":"Jira Core Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.13.22","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-core-server:unspecified:8.13.22"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-core-server","product_name":"Jira Core Server","version_start":"8.14.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-core-server:8.14.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-core-server","product_name":"Jira Core Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.20.10","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-core-server:unspecified:8.20.10"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-core-server","product_name":"Jira Core Server","version_start":"8.21.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-core-server:8.21.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-core-server","product_name":"Jira Core Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.22.4","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-core-server:unspecified:8.22.4"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-service-management-data-center","product_name":"Jira Service Management Data Center","version_start":"unspecified","version_start_inclusive":true,"version_end":"4.22.4","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-service-management-data-center:unspecified:4.22.4"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-service-management-data-center","product_name":"Jira Service Management Data Center","version_start":"4.0.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-service-management-data-center:4.0.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-service-management-data-center","product_name":"Jira Service Management Data Center","version_start":"unspecified","version_start_inclusive":true,"version_end":"4.13.22","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-service-management-data-center:unspecified:4.13.22"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-service-management-data-center","product_name":"Jira Service Management Data Center","version_start":"4.14.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-service-management-data-center:4.14.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-service-management-data-center","product_name":"Jira Service Management Data Center","version_start":"unspecified","version_start_inclusive":true,"version_end":"4.20.10","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-service-management-data-center:unspecified:4.20.10"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-service-management-data-center","product_name":"Jira Service Management Data Center","version_start":"4.21.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-service-management-data-center:4.21.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-service-management-server","product_name":"Jira Service Management Server","version_start":"4.0.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-service-management-server:4.0.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-service-management-server","product_name":"Jira Service Management Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"4.13.22","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-service-management-server:unspecified:4.13.22"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-service-management-server","product_name":"Jira Service Management Server","version_start":"4.14.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-service-management-server:4.14.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-service-management-server","product_name":"Jira Service Management Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"4.20.10","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-service-management-server:unspecified:4.20.10"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-service-management-server","product_name":"Jira Service Management Server","version_start":"4.21.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-service-management-server:4.21.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-service-management-server","product_name":"Jira Service Management Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"4.22.4","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-service-management-server:unspecified:4.22.4"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-software-data-center","product_name":"Jira Software Data Center","version_start":"8.0.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-software-data-center:8.0.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-software-data-center","product_name":"Jira Software Data Center","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.13.22","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-software-data-center:unspecified:8.13.22"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-software-data-center","product_name":"Jira Software Data Center","version_start":"8.14.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-software-data-center:8.14.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-software-data-center","product_name":"Jira Software Data Center","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.20.10","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-software-data-center:unspecified:8.20.10"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-software-data-center","product_name":"Jira Software Data Center","version_start":"8.21.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-software-data-center:8.21.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-software-data-center","product_name":"Jira Software Data Center","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.22.4","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-software-data-center:unspecified:8.22.4"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-software-server","product_name":"Jira Software Server","version_start":"8.0.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-software-server:8.0.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-software-server","product_name":"Jira Software Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.13.22","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-software-server:unspecified:8.13.22"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-software-server","product_name":"Jira Software Server","version_start":"8.14.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-software-server:8.14.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-software-server","product_name":"Jira Software Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.20.10","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-software-server:unspecified:8.20.10"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-software-server","product_name":"Jira Software Server","version_start":"8.21.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-software-server:8.21.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"jira-software-server","product_name":"Jira Software Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"8.22.4","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:jira-software-server:unspecified:8.22.4"}],"exploit_refs":[],"news":[],"references":[{"url":"https://jira.atlassian.com/browse/JRASERVER-73863","source_type":"MISC","tags":[]},{"url":"https://jira.atlassian.com/browse/JSDSERVER-11840","source_type":"MISC","tags":[]},{"url":"https://confluence.atlassian.com/display/JIRA/Jira+Server+Security+Advisory+29nd+June+2022","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2022-06-30T05:20:15.269000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:21:49.885041Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:21:49.885041Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:21:49.885041Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:01:26.728167Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:01:26.728167Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:01:26.728167Z","label":"SSVC decision revised","source":"vulnrichment"}]}