## Jira Server SSRF (CVE-2022-26135)

|   **Vulnerability**  | **Jira Server SSRF (CVE-2022-26135)**  |
| :----:   | :-----|
|  **Chinese name**  | Jira Server 服务端请求伪造 (CVE-2022-26135) |
| **CVSS core**  | 7.0 |
| **FOFA Query**  (click to view the results directly)| [body="Signup!default.jspa"](https://fofa.info/result?qbase64=Ym9keT0iU2lnbnVwIWRlZmF1bHQuanNwYSI%3D) |
| **Number of assets affected**  | 4586 |
| **Description**  | Atlassian JIRA Server is a server version of a defect tracking management system developed by Atlassian in Australia. The system is mainly used to track and manage various problems and defects in the work. A security vulnerability exists in Atlassian Jira Server. An attacker exploits this vulnerability to perform a server-side request forgery attack via a batch endpoint. |
| **Impact** | A security vulnerability exists in Atlassian Jira Server. An attacker exploits this vulnerability to perform a server-side request forgery attack via a batch endpoint. |

![](https://s3.bmp.ovh/imgs/2023/04/01/492aaf83b98a7363.gif)