

Severity
Medium
Analysis Summary
CVE-2025-22178 CVSS:5.3
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view items on the "Why" page.
CVE-2025-22174 CVSS:5.3
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view portfolio rooms without the required permission.
CVE-2025-22173 CVSS:5.3
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view certain sprint data without the required permission.
CVE-2025-22172 CVSS:5.3
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read external reports without the required permission.
CVE-2025-22170 CVSS:5.3
Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could perform it if they included a particular state-related parameter of a user with sufficient privileges to perform the action.
CVE-2025-22169 CVSS:5.3
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expected permission level.
CVE-2025-22176 CVSS:5.3
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view audit log items.
CVE-2025-22177 CVSS:5.3
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view other team overviews.
CVE-2025-22175 CVSS:5.3
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to modify the steps of another user's private checklist.
CVE-2025-22171 CVSS:5.3
Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users.
CVE-2025-22168 CVSS:5.3
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read the steps of another user's private checklist.
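The private-checklist issues (CVE-2025-22168, CVE-2025-22171, CVE-2025-22175) and the state-parameter issue (CVE-2025-22170) come down to missing object-level checks and trusting request data for identity. The following is an added example, not Atlassian's code: it contrasts a flawed check with a deny-by-default one and runs both against a regression matrix. The user names, roles, permission strings and the `state_user` parameter are hypothetical; the advisory does not name the real parameter.

```python
from dataclasses import dataclass

# Constructed data: user, role and permission names are hypothetical.
USERS = {"alice": "admin", "bob": "member"}
ROLE_PERMS = {
    "member": {"checklist:read", "checklist:write"},
    "admin": {"checklist:read", "checklist:write", "auditlog:read"},
}

@dataclass(frozen=True)
class Checklist:
    owner: str
    private: bool = True

def authorize_weak(session_user, action, resource, params):
    """Flawed: role is resolved from a request parameter, ownership is ignored."""
    subject = params.get("state_user", session_user)  # hypothetical parameter
    return action in ROLE_PERMS.get(USERS.get(subject), set())

def authorize(session_user, action, resource, params):
    """Deny by default; only the authenticated session identifies the caller."""
    role = USERS.get(session_user)  # request params are never consulted
    if action not in ROLE_PERMS.get(role, set()):
        return False
    if isinstance(resource, Checklist) and resource.private:
        return resource.owner == session_user  # object-level ownership check
    return True

# Regression matrix: (caller, action, resource, request params, expected decision)
CASES = [
    ("bob", "checklist:read", Checklist("alice"), {}, False),
    ("bob", "checklist:write", Checklist("alice"), {}, False),
    ("bob", "auditlog:read", None, {"state_user": "alice"}, False),
    ("bob", "checklist:write", Checklist("bob"), {}, True),
    ("alice", "auditlog:read", None, {}, True),
]

def failures(check):
    """Return the cases where `check` disagrees with the expected decision."""
    return [c for c in CASES if check(*c[:4]) != c[4]]

if __name__ == "__main__":
    print("weak check fails:", len(failures(authorize_weak)))
    print("hardened check fails:", len(failures(authorize)))
```

A matrix like this, extended with one row per role and resource type, can run as a regression test after each upgrade to confirm that low-privilege accounts stay denied.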
Impact
- Gain Access
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2025-22178
- CVE-2025-22174
- CVE-2025-22173
- CVE-2025-22172
- CVE-2025-22170
- CVE-2025-22169
- CVE-2025-22176
- CVE-2025-22177
- CVE-2025-22175
- CVE-2025-22171
- CVE-2025-22168
Affected Vendors
- Atlassian
Affected Products
- Atlassian Jira Align 11.14.0
- Atlassian Jira Align 11.14.1
- Atlassian Jira Align 11.15.0
- Atlassian Jira Align 11.15.1
- Atlassian Jira Align 11.16.0
Remediation
Refer to Atlassian Jira Security Advisory for patch, upgrade, or suggested workaround information.








