Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-22171
PUBLISHED
More InfoOfficial Page
Assigner-atlassian
Assigner Org ID-f08a6ab8-ed46-4c22-8884-d911ccfe3c66
View Known Exploited Vulnerability (KEV) details
Published At-22 Oct, 2025 | 16:30
Updated At-23 Oct, 2025 | 18:11
Rejected At-
▼CVE Numbering Authority (CNA)

Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users.

Affected Products
Vendor
AtlassianAtlassian
Product
Jira Align
Versions
Affected
  • >= 11.14.0
  • >= 11.14.1
  • >= 11.15.0
  • >= 11.15.1
  • >= 11.16.0
Unaffected
  • < 11.14.0
  • >= 11.16.1
Problem Types
TypeCWE IDDescription
Improper AuthorizationN/AImproper Authorization
Type: Improper Authorization
CWE ID: N/A
Description: Improper Authorization
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Frank Lycops, NATO Cyber Security Centre
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jira.atlassian.com/browse/JIRAALIGN-8640
N/A
Hyperlink: https://jira.atlassian.com/browse/JIRAALIGN-8640
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-285CWE-285 Improper Authorization
Type: CWE
CWE ID: CWE-285
Description: CWE-285 Improper Authorization
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found