CVE-2022-36800

MEDIUM Year: 2022
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-732
View all →

Vulnerability Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2.

Related Vulnerabilities

CVE-2016-11065

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.

CWE-7322016

CVE-2016-11080

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.

CWE-7322016

CVE-2017-18870

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.

CWE-7322017

CVE-2017-18872

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.

CWE-7322017

CVE-2017-18878

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.

CWE-7322017

CVE-2017-18910

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.

CWE-7322017