Security News > 2022 > April > Atlassian fixes critical Jira authentication bypass vulnerability
Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company's web application security framework.
Seraph is used in Jira and Confluence for handling all login and logout requests via a system of pluggable core elements.
Although the vulnerability is in the core of Jira, it affects first and third-party apps that specify "Roles required" at the "Webwork1" action namespace level and do not specify it at an "Action" level.
The two bundled apps affected by the flaw are "Insight - Asset Management" and "Mobile Plugin" for Jira.
If no impacted apps are used in Jira, then the severity of the vulnerability drops down to medium.
As for the Jira Service Management, the fixed versions are 4.13.x >= 4.13.18, 4.20.x >= 4.20.6, and 4.22.0 and later.
News URL
Related news
- Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication (source)
- Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution (source)
- New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software (source)
- PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) (source)
- Hackers exploit authentication bypass in Palo Alto Networks PAN-OS (source)
- Juniper patches critical auth bypass in Session Smart routers (source)