What is CVE-2022-0540?

CVE-2022-0540 is a vulnerability in Atlassian Jira Core Server. Published 2022-04-20.

Is CVE-2022-0540 known to be exploited?

38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Atlassian Jira Core Server

CVE-2022-0540

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and…

EPSS: 0.926 (99.8th percentile) — read the EPSS interpretation.

Affected products

Atlassian Jira Core Server — versions unspecified, 8.14.0, 8.21.0
Atlassian Jira Service Management Data Center — versions unspecified, 4.14.0, 4.21.0
Atlassian Jira Service Management Server — versions unspecified, 4.14.0, 4.21.0
Atlassian Jira Software Data Center — versions unspecified, 8.14.0, 8.21.0
Atlassian Jira Software Server — versions unspecified, 8.14.0, 8.21.0

Public proof-of-concept exploits

References

confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20 (x_refsource_MISC)
jira.atlassian.com/browse/JRASERVER-73650 (x_refsource_MISC)
jira.atlassian.com/browse/JSDSERVER-11224 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-0540?: CVE-2022-0540 is a vulnerability in Atlassian Jira Core Server. Published 2022-04-20.
Is CVE-2022-0540 known to be exploited?: 38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.