
Atlassian’s Jira Service Management Found Vulnerable to Critical Vulnerability

Feb 03, 2023 | Ravie Lakshmanan | Cloud Security / Vulnerability


Atlassian has released fixes to resolve a critical security flaw
in Jira Service Management Server and Data Center that could be
abused by an attacker to impersonate another user and gain
unauthorized access to susceptible instances.

The vulnerability[1] is tracked as CVE-2023-22501[2]
(CVSS score: 9.4) and has been described as a case of broken
authentication with low attack complexity.

“An authentication vulnerability was discovered in Jira Service
Management Server and Data Center which allows an attacker to
impersonate another user and gain access to a Jira Service
Management instance under certain circumstances,” Atlassian
said[3].

“With write access to a User Directory and outgoing email
enabled on a Jira Service Management instance, an attacker could
gain access to signup tokens sent to users with accounts that have
never been logged into.”

The tokens, Atlassian noted, can be obtained in either of the
two scenarios –

  • If the attacker is included on Jira issues or requests with
    these users, or
  • If the attacker is forwarded or otherwise gains access to
    emails containing a “View Request” link from these users

It also cautioned[4] that while users who are synced to the Jira
service via read-only User Directories or single sign-on (SSO) are
not affected, external customers who interact with the instance via
email are affected, even when SSO is configured.

The Australian software services provider said the vulnerability
was introduced in version 5.3.0 and impacts all subsequent versions
5.3.1, 5.3.2, 5.4.0, 5.4.1, and 5.5.0. Fixes have been made
available in versions 5.3.3, 5.3.3, 5.5.1, and 5.6.0 or later.

Atlassian emphasized that Jira sites hosted on the cloud via an
atlassian[.]net domain are not affected by the flaw and that no
action is required in this case.
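The version and hosting details above can be turned into an inventory triage check. This is an added example, not code from the article or from Atlassian; the hostnames and the "host version" inventory format are constructed assumptions, and any release the article does not list is reported as "unknown" rather than guessed.

```python
import re

# Version data as stated in the article above.
INTRODUCED = (5, 3, 0)
AFFECTED = {(5, 3, 0), (5, 3, 1), (5, 3, 2), (5, 4, 0), (5, 4, 1), (5, 5, 0)}
BRANCH_FIX = {(5, 3): (5, 3, 3), (5, 5): (5, 5, 1)}  # first fixed release per branch
FIXED_FROM = (5, 6, 0)

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not x.y.z."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(host, version_text):
    """Classify one Jira Service Management instance against CVE-2023-22501."""
    if host.lower().endswith(".atlassian.net"):
        return "not-affected"      # cloud-hosted sites need no action
    v = parse_version(version_text)
    if v is None:
        return "unknown"           # never guess on an unparseable version
    if v < INTRODUCED:
        return "not-affected"      # the flaw was introduced in 5.3.0
    if v in AFFECTED:
        return "affected"
    fix = BRANCH_FIX.get(v[:2])
    if v >= FIXED_FROM or (fix is not None and v >= fix):
        return "fixed"
    return "unknown"               # release not listed in the article

def triage(inventory_text):
    """Map host -> status for 'host version' lines; '#' starts a comment."""
    result = {}
    for line in inventory_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            host, _, version = line.partition(" ")
            result[host] = classify(host, version)
    return result

# Constructed sample inventory (hostnames are placeholders).
SAMPLE = """\
jsm-prod.example.internal 5.4.1
jsm-test.example.internal 5.3.3
acme.atlassian.net cloud   # hosted site
jsm-old.example.internal 5.5
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Instances reported as "unknown" should be checked against the vendor advisory directly before being treated as safe.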

The disclosure arrives more than two months after the company
closed two critical security holes in Bitbucket Server, Data Center,
and Crowd products (CVE-2022-43781 and CVE-2022-43782[5]) that could be exploited
to gain code execution and invoke privileged API endpoints.

With flaws in Atlassian products becoming an alluring[6] attack
vector[7] in recent months, it’s crucial that users upgrade their
installations to the latest versions to mitigate potential
threats.


References

  1. vulnerability (confluence.atlassian.com)
  2. CVE-2023-22501 (nvd.nist.gov)
  3. said (confluence.atlassian.com)
  4. cautioned (confluence.atlassian.com)
  5. CVE-2022-43781 and CVE-2022-43782 (thehackernews.com)
  6. alluring (thehackernews.com)
  7. attack vector (thehackernews.com)
  8. Twitter (twitter.com)
  9. LinkedIn (www.linkedin.com)
