Atlassian patches serious Jira authentication flaw
Atlassian has revealed that it has fixed a major flaw in their Service Management Server and Data Center products.
The vulnerability, tracked as CVE-2023-22501, allows threat actors to impersonate people and access a Jira Service Management instance under certain circumstances. It has been assigned a severity score of 9.4, placing it in the critical range.
“With write access to a user list and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to logon tokens sent to users with accounts that have never been logged in,” Atlassian noted in its description of the vulnerability.
Vulnerable versions
The company explained that a threat actor could potentially obtain the tokens by being included on Jira issues or requests alongside those users, or by otherwise receiving an email containing a “View Request” link.
“Bot accounts are particularly susceptible to this scenario,” Atlassian continues. “Single sign-on instances can impact external customer accounts in projects where anyone can create their own account.”
The Jira Service Management versions vulnerable to the bug are 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1 and 5.5.0. To be on the safe side, upgrade to version 5.3.3, 5.4.2, 5.5.1 or 5.6.0.
Atlassian products appear to be a popular target for cybercriminals. Last October, the US Cybersecurity and Infrastructure Agency (CISA) noted that a very serious flaw in two widely used Atlassian Bitbucket tools – Server and Data Center – was being actively exploited in the wild.
Prior to that, in July, Jira, Confluence, and Bamboo were reported to be vulnerable to CVE-2022-26136, an arbitrary Servlet Filter bypass that allowed threat actors to bypass custom Servlet Filters that third-party apps use for authentication. The error was considered very serious.
Via: Infosecurity Magazine