Security News > 2023 > February > Atlassian warns of critical Jira Service Management auth flaw

Atlassian warns of critical Jira Service Management auth flaw
2023-02-03 14:31

A critical vulnerability in Atlassian's Jira Service Management Server and Data Center could allow an unauthenticated attacker to impersonate other users and gain remote access to the systems.

Atlassian explains that the security issue affects versions 5.3.0 through 5.5.0 and that hackers can get "Access to a Jira Service Management instance under certain circumstances."

Tracked as CVE-2023-22501, the vulnerability has a critical severity score of 9.4, as calculated by Atlassian.

Atlassian has released updates that address the issue and advises admins to upgrade to versions 5.3.3, 5.4.2, 5.5.1, and 5.6.0 or later.

Copy the JAR file into the Jira home directory Restart the service.

After applying the available security update or the JAR file workaround, admins can check which accounts changed their passwords and logged in since installing the previous version, which could reveal unauthorized access to the accounts.


News URL

https://www.bleepingcomputer.com/news/security/atlassian-warns-of-critical-jira-service-management-auth-flaw/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-02-01 CVE-2023-22501 Improper Authentication vulnerability in Atlassian Jira Service Management
An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into.
network
low complexity
atlassian CWE-287
critical
9.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 3 259 104 46 412