Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137

Atlassian published a security advisory for CVE-2022-26136 and CVE-2022-26137 today, 20 July 2022. The advisory affects the Servlet Filter Dispatcher in multiple Server and Data Center products; these vulnerabilities have already been resolved in Atlassian Cloud sites. The goal of this article is to raise awareness of this critical vulnerability and to give you a place to ask further questions about it in Community if needed.

 

Please review the complete advisory in Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137, along with our FAQ in FAQ for CVE-2022-26136 / CVE-2022-26137.

Additional information

  • Customers with active licenses above the ten (10) user starter licenses can create support requests by visiting https://support.atlassian.com/contact/; you will be prompted to input your SEN number on this form.
  • Starter license customers can only receive technical support here in Community per our support offerings.
  • If you have any additional questions about this vulnerability or about upgrading Jira because of it, please use this link to create a new question in Community on this topic.

 

2 comments

J'Dan Garing
July 20, 2022

Is this issue limited to HTTP only, or does it also affect HTTPS?

Stephen Sifers
Atlassian Team
July 21, 2022

@J_Dan Garing 

Great question, we have updated our FAQ to also answer this:

We use HTTPS/SSL, are we still vulnerable?

Yes. HTTPS is HTTP with encryption (SSL/TLS) which helps secure content traveling between two points. Whether or not encryption is used doesn’t have any effect on how the vulnerability can be exploited.

Source: FAQ for CVE-2022-26136 / CVE-2022-26137 | We use HTTPS/SSL, are we still vulnerable? 

Regards,
Stephen Sifers
