Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137

Atlassian has published a security advisory for CVE-2022-26136 and CVE-2022-26137 today, 20 July 2022. This advisory affects the Servlet Filter Dispatcher in multiple Server and Data Center products; these vulnerabilities have already been resolved in Atlassian Cloud sites. The goal of this article is to raise awareness of this critical vulnerability and to give you a way to ask further questions about it in Community if needed.

Please review the complete advisory in Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137, together with our FAQ in FAQ for CVE-2022-26136 / CVE-2022-26137.

Additional information

  • Customers with active licenses above the ten (10) user starter licenses can create support requests by visiting https://support.atlassian.com/contact/; you will be prompted to input your SEN number on this form.
  • Starter license customers can only receive technical support here in Community per our support offerings.
  • Should you have any additional questions about this vulnerability or about upgrading Jira in response to it, please use this link to create a new question in Community on this topic.

2 comments

J_Dan Garing July 20, 2022

Is this issue limited to HTTP only, or does it also affect HTTPS?

Stephen Sifers
Atlassian Team
July 21, 2022

@J_Dan Garing 

Great question. We have updated our FAQ to also answer this:

We use HTTPS/SSL, are we still vulnerable?

Yes. HTTPS is HTTP with encryption (SSL/TLS) which helps secure content traveling between two points. Whether or not encryption is used doesn’t have any effect on how the vulnerability can be exploited.

Source: FAQ for CVE-2022-26136 / CVE-2022-26137 | We use HTTPS/SSL, are we still vulnerable? 

Regards,
Stephen Sifers
