Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,465,964
Community Members
 
Community Events
176
Community Groups

Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137

Jul 20, 2022

Atlassian has published security advisory CVE-2022-26136, CVE-2022-26137 today, 20 JULY 2022. This advisory is in regards to and affects the Servlet Filter Dispatcher in multiple Server and Datacenter products; these vulnerabilities have already been resolved in the Atlassian Cloud Sites. The goal of this article is to help raise awareness for this critical vulnerability and to provide you a means to ask further questions about this in Community if needed.

 

Please review the complete advisory in Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137  with our FAQ in FAQ for CVE-2022-26136 / CVE-2022-26137.

Additional information

  • Customers with active licenses above the ten (10) user starter licenses can create support requests by visiting https://support.atlassian.com/contact/; you will be prompted to input your SEN number on this form.
  • Starter license customers can only receive technical support here in Community per our support offerings.
  • Should you have any additional questions about this vulnerability or upgrading Jira in regards to this, please use this link to create a new question in Community in regards to this topic.

 

Comment
Watch
Like # people like this
1898 views

3 comments

J_Dan Garing
J_Dan Garing Jul 20, 2022

Is this issue limited to HTTP only or also affects HTTPS?

Like Dave Liao likes this
Stephen Sifers
Stephen Sifers Atlassian Team Jul 21, 2022

@J_Dan Garing 

Great question, we have updated our FAQ to also answer this;

We use HTTPS/SSL, are we still vulnerable?

Yes. HTTPS is HTTP with encryption (SSL/TLS) which helps secure content traveling between two points. Whether or not encryption is used doesn’t have any effect on how the vulnerability can be exploited.

Source: FAQ for CVE-2022-26136 / CVE-2022-26137 | We use HTTPS/SSL, are we still vulnerable? 

Regards,
Stephen Sifers

Like Dave Liao likes this
Morten Norgaard
Morten Norgaard I'm New Here Aug 18, 2022 • edited Aug 26, 2022

Thank you Stephen Sifers. I also heard that Atlassian has published a security advisory CVE-2022-26136 but I don't know what it is and also can't find it online in brief. I am thankful to you for sharing that link with us where I found all the information I need. I was actually searching for coursework help online and found it over https://studyclerk.com/complete-coursework here. As well as, I found a link to your post where I found all the information I need to know.

Like Stephen Sifers likes this

Comment

Log in or Sign up to comment
Stephen Sifers

Stephen Sifers

Atlassian Team

About this author

Product Lead, Community

Atlassian

Austin, TX

272 accepted answers

1,659 total posts

View profile
Jira
Jira
TAGS

Atlassian Community Events

See all events