CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.013 Low
Percentile: 85.9%
This affects the Batik library from v1.0 to v1.15. Jira 9.0.0 uses Batik v1.14.
More information on the vulnerabilities at:
[Information Exposure (CVE-2022-41704)|https://asecurityteam.atlassian.net/browse/VULN-1041609]
[Remote Code Execution (RCE) (CVE-2022-42890)|https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEXMLGRAPHICS-3063691]
Fix:
Upgrade {{org.apache.xmlgraphics:batik-script}} to version 1.16 or higher.
CPE

Name | Operator | Version |
---|---|---|
jira data center | le | 9.0.0 |