Lucene search
A0a054388f60JRASERVER-73956HistoryJun 28, 2022 - 2:48 p.m.
Apache Tomcat CVE-2022-34305
2022-06-2814:48:07
a0a054388f60
jira.atlassian.com
209
0.001 Low
EPSS
Percentile
43.6%
h3. Issue Summary
This is reproducible on Data Center: yes
- The current version of Tomcat 8.5.72 bundled with JIRA 8.22 and Tomcat 9.0.61 bundled with Jira 9 are vulnerable to CVE-2022-34305 https://vulners.com/cve/CVE-2022-34305
h3. Steps to Reproduce
–
h3. Expected Results
–
h3. Actual Results
–
h3. Workaround
Manually updating Tomcat would be a valid workaround, however checking Tomcat download link we can see that latest available versions are:
- For Tomcat 8, 8.5.81 http://archive.apache.org/dist/tomcat/tomcat-8/
- For Tomcat 9, 9.0.64 http://archive.apache.org/dist/tomcat/tomcat-9/
So, not even Tomcat has release a version that has the fix for this CVE, looks like this vulnerability is currently undergoing analysis.
Opening a ticket to keep track of it on our side.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jira data center | le | 9.0.0 | |
| jira data center | le | 8.22.4 | |
| jira data center | lt | 9.2.0 | |
| jira data center | lt | 8.13.27 | |
| jira data center | lt | 8.20.14 |
Related
f5
f5
K00303143 : Apache Tomcat vulnerability CVE-2022-34305
2022-07-11 00:00:00
kaspersky
kaspersky
KLA19261 XSS vulnerability in Apache Tomcat
2022-07-20 00:00:00
KLA19260 XSS vulnerability in Apache Tomcat
2022-08-28 00:00:00
KLA19262 XSS vulnerability in Apache Tomcat
2022-07-26 00:00:00
ibm
ibm
Security Bulletin: IBM UrbanCode Build is affected by CVE-2022-34305
2022-12-20 07:05:39
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting due to Apache Tomcat (CVE-2022-34305)
2023-01-10 10:31:23
Security Bulletin: IBM UrbanCode Release is affected by CVE-2022-34305
2023-01-20 16:08:01
debiancve
debiancve
CVE-2022-34305
2022-06-23 11:15:00
ubuntucve
ubuntucve
CVE-2022-34305
2022-06-23 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2022-06-24 04:07:07
nessus
nessus
Dell EMC NetWorker < 19.7.0.2 XSS (DSA-2022-341)
2022-12-08 00:00:00
Apache Tomcat 10.0.0.M1 < 10.0.23 vulnerability
2022-06-23 00:00:00
Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-003)
2023-09-27 00:00:00
redhatcve
redhatcve
CVE-2022-34305
2022-06-30 18:05:42
openvas
openvas
Apache Tomcat XSS Vulnerability (Jun 2022) - Linux
2022-06-24 00:00:00
Apache Tomcat XSS Vulnerability (Jun 2022) - Windows
2022-06-24 00:00:00
Mageia: Security Advisory (MGASA-2023-0138)
2023-04-17 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 10.0.23
2022-07-26 00:00:00
Fixed in Apache Tomcat 10.1.0-M17
2022-07-20 00:00:00
Fixed in Apache Tomcat 9.0.65
2022-07-20 00:00:00
prion
prion
Cross site scripting
2022-06-23 11:15:00
cnvd
cnvd
Apache Tomcat Cross-Site Scripting Vulnerability
2022-06-27 00:00:00
osv
osv
CVE-2022-34305
2022-06-23 11:15:07
Cross-site Scripting in Apache Tomcat
2022-06-24 00:00:32
BIT-tomcat-2022-34305
2024-03-06 11:09:17
freebsd
freebsd
Tomcat -- XSS in examples web application
2022-06-22 00:00:00
cvelist
cvelist
CVE-2022-34305 XSS in examples web application
2022-06-23 10:30:16
atlassian
atlassian
Confluence Apache Tomcat CVE-2022-34305
2022-07-07 19:05:27
github
github
Cross-site Scripting in Apache Tomcat
2022-06-24 00:00:32
cve
cve
CVE-2022-34305
2022-06-23 11:15:00
gentoo
gentoo
Apache Tomcat: Multiple Vulnerabilities
2022-08-21 00:00:00
mageia
mageia
Updated tomcat packages fix security vulnerability
2023-04-15 22:03:44
rosalinux
rosalinux
Advisory ROSA-SA-2023-2258
2023-10-21 16:49:43
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00