Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137

Atlassian has published security advisory CVE-2022-26136, CVE-2022-26137 today, 20 JULY 2022. This advisory is in regards to and affects the Servlet Filter Dispatcher in multiple Server and Datacenter products; these vulnerabilities have already been resolved in the Atlassian Cloud Sites. The goal of this article is to help raise awareness for this critical vulnerability and to provide you a means to ask further questions about this in Community if needed.

 

Please review the complete advisory in Multiple Products Security Advisory - CVE-2022-26136, CVE-2022-26137  with our FAQ in FAQ for CVE-2022-26136 / CVE-2022-26137.

Additional information

  • Customers with active licenses above the ten (10) user starter licenses can create support requests by visiting https://support.atlassian.com/contact/; you will be prompted to input your SEN number on this form.
  • Starter license customers can only receive technical support here in Community per our support offerings.
  • Should you have any additional questions about this vulnerability or upgrading Jira in regards to this, please use this link to create a new question in Community in regards to this topic.

 

2 comments

Is this issue limited to HTTP only or also affects HTTPS?

Like Dave Liao likes this
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jul 21, 2022

@J_Dan Garing 

Great question, we have updated our FAQ to also answer this;

We use HTTPS/SSL, are we still vulnerable?

Yes. HTTPS is HTTP with encryption (SSL/TLS) which helps secure content traveling between two points. Whether or not encryption is used doesn’t have any effect on how the vulnerability can be exploited.

Source: FAQ for CVE-2022-26136 / CVE-2022-26137 | We use HTTPS/SSL, are we still vulnerable? 

Regards,
Stephen Sifers

Like Dave Liao likes this

Comment

Log in or Sign up to comment
AUG Leaders

Atlassian Community Events