Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

CVE-2022-26136, CVE-2022-26137 - Which version is affected / not affected?

Manuel Ruiz
Manuel Ruiz
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 26, 2022

Hi,

as i can see in https://confluence.atlassian.com/security/multiple-products-security-advisory-cve-2022-26136-cve-2022-26137-1141493031.html our used jira & confluence versions are listed in "affected" and also in "fixed" version. So what is to do? Are we affected or not?

 

We are using confluence 7.13.7 and jira 8.20.7

 

Affected:

  • confluence 7.13.x < 7.13.7

    • or is the meaning "lower than 7.13.7 but not 7.13.7"?

  • jira 8.20.x < 8.20.10

    • 8.20.7 is between those values...BUT

Fixed:

  • 7.13.x >= 7.13.7
    • How can 7.13.x till 7.13.7 be in the fixed list when its also in the affected list?
  • 8.20.x >= 8.20.10 
    • 8.20.7 is also between those values...? So, affected, not affected? Maybe affected?

 

Can anybody translate this table into simple version information like "fixed since x.x.xx"? As i can see in the changelog there is also no fix information about the cve in the last versions.

 

Best Regards

Manuel

 

 

 

Answer
Watch
Like Iván Muñoz Martínez likes this
630 views

1 answer

0 votes
Payne
Payne
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 26, 2022

Confluence is fixed since 7.13.7

Jira is fixed since 8.20.10

"x" is being used as a placeholder. For Confluence:

Affected 7.13.x < 7.13.7 means 7.13.0, 7.13.1, ..., 7.13.6

Fixed 7.13.x >= 7.13.7 means 7.13.7, 7.13.8, ...

For Jira:

Affected 8.20.x < 8.20.10 means 8.20.0, 8.20.1, ..., 8.20.9

Fixed 8.20.x >= 8.20.10 means 8.20.10, 8.20.11, ...

View More Comments
Manuel Ruiz
Manuel Ruiz
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 28, 2022

This placeholder make absolut no sense, but, however, thanks.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security