Hi,
We are using a vulnerable Jira Server edition, 8.19.X, for CVE-2022-26135 - Full-Read Server Side Request Forgery in Mobile Plugin for Jira Data Center and Server.
But the Mobile Plugin for Jira is disabled.
Are we still affected, and if affected, is it still a serious severity?
Hello @suresh kumar,
Thanks for reaching out, and yes, you can disable the app to mitigate the threat until you are able to update, as covered in the FAQ for CVE-2022-26135 on disabling the app, which notes:
Disable the app
The Mobile Plugin for Jira app is in a special category of System Apps such that it can be disabled similarly to User-installed apps. Use the "Disable" button on the app to mitigate the vulnerability until you can upgrade Jira.
However, we do recommend updating the app regardless at your earliest convenience to make sure that the threat is removed from the system to prevent accidental re-activation.
Regards,
Earl