Is the Jira standalone installation type affected by CVE-2022-0540?
Thanks
Hello, @Kiran Mannava! Welcome to the Atlassian Community!
Yes, the vulnerability does affect Jira Server.
How would we know if this had been exploited? Is there an 'indicator of compromise' (IoC) we should look for in the logs?
From what I've read (and Atlassian's notice is here), there don't appear to be any reports of known exploits.
Is Jira 8.12 affected? We do not understand this right:
8.12 is not EOL, but it seems there is no upgrade to download.
8.12 (EOL date: 26 August, 2022)
Thanks.
Yes. 8.12.x versions are affected by this advisory, as this version was released before 8.13.18. Although 8.12 is not at EOL yet, not all bug fixes will be ported back to these prior versions in all cases.
8.13.x and 8.20.x are the current Long Term Support releases where we will expect to see a backport of security fixes such as in this case.