Hacker News
Jira Security Advisory 2022-04-20 (authentication bypass) (atlassian.com)
5 points by bombcar on April 20, 2022 | 2 comments


An app is only affected by CVE-2022-0540 when both of the following conditions are true:

It’s installed in one of the affected Jira or Jira Service Management versions listed above

It’s using a configuration vulnerable to CVE-2022-0540

If you’re unable to install a fixed version of Jira or Jira Service Management and you’re using any affected apps, refer to the table in the Determining which apps are affected section above to determine if non-affected versions of those apps are available. If so, update any affected apps to a non-affected version.

As a last resort, if you’re using any apps listed in the Determining which apps are affected section and all versions of the app are affected, you can mitigate the security risk by disabling the app until you’re able to install a fixed version of Jira or Jira Service Management.

(Apparently, if you have a default Jira you can just update the Mobile plugin for now).


Really great couple weeks for Atlassian, between this and their multi-week cloud outage...



