Jira Server and Jira Data Center CVE-2022-26135 - Full-Read Server Side Request Forgery in Mobile

Atlassian has published security advisory CVE-2022-0540 today, 29 June 2022.  This advisory is in regards to and affects the Jira Server Mobile Plugin which is bundled with Jira and Jira Service Management. Jira Cloud is not affected. The goal of this article is to help raise awareness for this critical vulnerability and to provide you a means to ask further questions about this in Community if needed.

Please review the complete advisory in CVE-2022-26135 - Full-Read Server Side Request Forgery in Mobile Plugin for Jira Data Center and Server and the FAQ page FAQ for CVE-202226135 

Additional information

• Customers with active licenses above the 10 user starter licenses, can create support requests by visiting https://support.atlassian.com/contact/ you will be prompted to input your SEN number on this form
• Starter license customers can only receive technical support here in Community per our support offerings.
• Should you have any additional questions about this vulnerability or upgrading Jira in regards to this please use this link to create a new question in Community in regards to this topic.