Atlassian Jira Align
By the Year
In 2026 there have been 0 vulnerabilities in Atlassian Jira Align. Last year, in 2025, Jira Align had 11 security vulnerabilities published. Right now, Jira Align is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 11 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 6.85 |
It may take a day or so for new Jira Align vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Atlassian Jira Align Security Vulnerabilities
Jira Align AuthBreach: Low-Priv User Access to Sensitive Endpoints
CVE-2025-22178
- October 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view items on the "Why" page.
AuthZ
Jira Align low-privilege user can access unauthorized endpoints
CVE-2025-22169
- October 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expected permission level.
AuthZ
Jira Align AuthZ Bypass via State Param
CVE-2025-22170
- October 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could do so if they included a particular state-related parameter of a user with sufficient privileges to perform the action.
AuthZ
Auth Bypass in Jira Align Allows Low-Priv Users to Access Sensitive Endpoints
CVE-2025-22172
- October 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read external reports without the required permission.
AuthZ
Jira Align AuthZ Flaw: Low-Priv User Accesses Sprint Data
CVE-2025-22173
- October 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view certain sprint data without the required permission.
AuthZ
Jira Align Auth Bypass: Low-Priv User Access to Protected Endpoints
CVE-2025-22174
- October 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view portfolio rooms without the required permission.
AuthZ
Authorization Bypass in Jira Align Low-Privilege Access to Audit Logs
CVE-2025-22176
- October 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view audit log items.
AuthZ
Jira Align AuthZ flaw allows low-privilege read of private checklist steps
CVE-2025-22168
- October 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read the steps of another user's private checklist.
AuthZ
Auth Bypass in Atlassian Jira Align: Low-Priv User Alters Private Checklists
CVE-2025-22171
- October 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users.
AuthZ
Jira Align Auth Issue: Low-Priv User Exploits Endpoint Disclosure
CVE-2025-22175
- October 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to modify the steps of another user's private checklist.
AuthZ
Jira Align AuthZ Bypass Exposes Team Overviews
CVE-2025-22177
- October 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view other team overviews.
AuthZ
Jira Align Server <=10.109.2 MasterUserEdit API role elevation to Super Admin
CVE-2022-36803
8.8 - High
- October 14, 2022
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox.
Incorrect Default Permissions
SSRF in Atlassian Jira Align <10.109.2 via ManageJiraConnectors API
CVE-2022-36802
4.9 - Medium
- October 14, 2022
The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request.
SSRF