cvedb.io
CVE-2022-36803
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2022-10-14T04:15:13.807 · Last modified 2026-06-17T04:54:00.490

Summary

The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox.

Affected products

atlassian — jira_align

Does this affect you?

Add your gear to cvedb and we'll alert you only when atlassian ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.