Wiz
Vulnerability DatabaseCVE-2022-36800

CVE-2022-36800
Jira Service Management vulnerability analysis and mitigation

Overview

Affected versions of Atlassian Jira Service Management Server and Data Center contain an Information Disclosure vulnerability (CVE-2022-36800) that was discovered in July 2022. The vulnerability allows remote attackers without the "Browse Users" permission to view groups through the browsegroups.action endpoint. The affected versions are before version 4.22.2 (Jira Issue).

Technical details

The vulnerability exists in the browsegroups.action endpoint of Jira Service Management Server and Data Center. It allows unauthorized access to group information by bypassing the "Browse Users" permission check. The vulnerability has been assigned a CVSS Score of 3.5 (Medium severity) (Jira Issue).

Impact

When exploited, this vulnerability allows remote attackers to view group information in Jira Service Management instances, even without having the required "Browse Users" permission. This represents an information disclosure risk that could expose organizational structure and user group memberships (Jira Issue).

Mitigation and workarounds

The vulnerability has been fixed in Jira Service Management Server and Data Center version 4.22.2. Organizations running affected versions should upgrade to version 4.22.2 or later to mitigate this security risk (Jira Issue).

Additional resources

SourceThis report was generated using AI

Related Jira Service Management vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2022-1471CRITICAL9.8
  • IBM Db2IBM Db2
  • jenkins
NoYesDec 01, 2022
CVE-2023-22501CRITICAL9.1
  • Jira Service ManagementJira Service Management
  • cpe:2.3:a:atlassian:jira_service_desk
NoYesFeb 01, 2023
CVE-2024-21683HIGH8.8
  • Atlassian Fisheye & CrucibleAtlassian Fisheye & Crucible
  • cpe:2.3:a:atlassian:confluence_server
NoYesMay 21, 2024
CVE-2025-22157HIGH7.2
  • JIRAJIRA
  • cpe:2.3:a:atlassian:jira
NoYesMay 20, 2025
CVE-2022-36800MEDIUM4.3
  • Jira Service ManagementJira Service Management
  • cpe:2.3:a:atlassian:jira_service_management
NoYesAug 03, 2022

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo