Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137

July 20, 2022

Atlassian has published security advisory CVE-2022-26136, CVE-2022-26137 today, 20 JULY 2022. This advisory is in regards to and affects the Servlet Filter Dispatcher in multiple Server and Datacenter products; these vulnerabilities have already been resolved in the Atlassian Cloud Sites. The goal of this article is to help raise awareness for this critical vulnerability and to provide you a means to ask further questions about this in Community if needed.

 

Please review the complete advisory in Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137  with our FAQ in FAQ for CVE-2022-26136 / CVE-2022-26137.

Additional information

  • Customers with active licenses above the ten (10) user starter licenses can create support requests by visiting https://support.atlassian.com/contact/; you will be prompted to input your SEN number on this form.
  • Starter license customers can only receive technical support here in Community per our support offerings.
  • Should you have any additional questions about this vulnerability or upgrading Jira in regards to this, please use this link to create a new question in Community in regards to this topic.

 

Comment
Watch
Like # people like this
3804 views

2 comments

J_Dan Garing
J'Dan Garing
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 20, 2022

Is this issue limited to HTTP only or also affects HTTPS?

Like Dave Liao likes this
Stephen Sifers
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 21, 2022

@J_Dan Garing 

Great question, we have updated our FAQ to also answer this;

We use HTTPS/SSL, are we still vulnerable?

Yes. HTTPS is HTTP with encryption (SSL/TLS) which helps secure content traveling between two points. Whether or not encryption is used doesn’t have any effect on how the vulnerability can be exploited.

Source: FAQ for CVE-2022-26136 / CVE-2022-26137 | We use HTTPS/SSL, are we still vulnerable? 

Regards,
Stephen Sifers

Like Dave Liao likes this

Comment

Log in or Sign up to comment
Stephen Sifers

Stephen Sifers

Atlassian Team
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.

About this author

Product Lead, Community

Atlassian

Austin, TX

276 accepted answers

1,673 total posts

View profile
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events