Security News > 2023 > February > Atlassian fixes critical bug giving access to Jira Service Management
A critical vulnerability in Atlassian's Jira Service Management Server and Data Center could allow an unauthenticated attacker to impersonate other users and gain remote access to the systems.
Atlassian explains that the security issue affects versions 5.3.0 through 5.5.0 and that hackers can get "Access to a Jira Service Management instance under certain circumstances."
Tracked as CVE-2023-22501, the vulnerability has a critical severity score of 9.4, as calculated by Atlassian.
Atlassian has released updates that address the issue and advises admins to upgrade to versions 5.3.3, 5.4.2, 5.5.1, and 5.6.0 or later.
Copy the JAR file into the Jira home directory Restart the service.
After applying the available security update or the JAR file workaround, admins can check which accounts changed their passwords and logged in since installing the previous version, which could reveal unauthorized access to the accounts.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-01 | CVE-2023-22501 | Improper Authentication vulnerability in Atlassian Jira Service Management An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. | 9.1 |