Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability



Feb 03, 2023 | Ravie Lakshmanan | Cloud Security / Vulnerability


Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass themselves off as another user and gain unauthorized access to susceptible instances.

The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity.

“An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances,” Atlassian said.

“With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into.”

The tokens, Atlassian noted, could be obtained in either of the two scenarios –

  • If the attacker is included on Jira issues or requests with these users, or
  • If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users

It also cautioned that while users who are synced to the Jira service via read-only User Directories or single sign-on (SSO) are not affected, external customers who interact with the instance via email are affected, even when SSO is configured.

The Australian software services provider said the vulnerability was introduced in version 5.3.0 and affects all subsequent versions 5.3.1, 5.3.2, 5.4.0, 5.4.1, and 5.5.0. Fixes have been made available in versions 5.3.3, 5.3.3, 5.5.1, and 5.6.0 or later.

Atlassian emphasized that Jira sites hosted in the cloud via an atlassian[.]net domain are not affected by the flaw and that no action is required in this case.

The disclosure arrives more than two months after the company closed two critical security holes in its Bitbucket Server, Data Center, and Crowd products (CVE-2022-43781 and CVE-2022-43782) that could be exploited to achieve code execution and invoke privileged API endpoints.

With flaws in Atlassian products becoming an alluring attack vector in recent months, it is essential that users upgrade their installations to the latest versions to mitigate potential threats.
