• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
atlassian drops patches for critical jira authentication bypass vulnerability

Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability

You are here: Home / General Cyber Security News / Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability
April 23, 2022

Atlassian has published a security advisory warning of a critical vulnerability in its Jira application that could be abused by a distant, unauthenticated attacker to circumvent authentication protections.

Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring procedure and resides in Jira’s authentication framework, Jira Seraph. Khoadha of Viettel Cyber Security has been credited with discovering and reporting the security weak point.

“A distant, unauthenticated attacker could exploit this by sending a specifically crafted HTTP ask for to bypass authentication and authorization needs in WebWork actions utilizing an affected configuration,” Atlassian pointed out.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


CyberSecurity

The flaw influences the pursuing Jira products –

  • Jira Core Server, Jira Program Server and Jira Software Data Middle: All versions just before 8.13.18, 8.14.x, 8.15.x, 8.16.x, 8.17.x, 8.18.x, 8.19.x, 8.20.x just before 8.20.6, and 8.21.x
  • Jira Provider Administration Server and Jira Assistance Administration Information Middle: All variations in advance of 4.13.18, 4.14.x, 4.15.x, 4.16.x, 4.17.x, 4.18.x, 4.19.x, 4.20.x just before 4.20.6, and 4.21.x

Preset Jira and Jira Services Management versions are 8.13.18, 8.20.6, and 8.22. and 4.13.18, 4.20.6, and 4.22..

Atlassian also pointed out that the flaw influences very first and 3rd-party applications only if they are installed in one of the aforementioned Jira or Jira Services Administration versions and that they are making use of a susceptible configuration.

CyberSecurity

Customers are strongly advised to update to a person of the patched variations to mitigate opportunity exploitation tries. If fast patching is just not an option, the firm is advising updating the impacted apps to a preset model or disabling them altogether.

It is really really worth noting that a critical remote code execution flaw in Atlassian Confluence (CVE-2021-26084, CVSS rating: 9.8) was actively weaponized in the wild final 12 months to install cryptocurrency miners on compromised servers.

Discovered this post exciting? Observe THN on Facebook, Twitter  and LinkedIn to read a lot more distinctive written content we write-up.


Some areas of this short article are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Wawa Sues Mastercard Over Data Breach Penalties
Next Post: T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code t mobile admits lapsus$ hackers gained access to its internal tools»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • WhatsApp Unveils Proxy Support to Tackle Internet Censorship
  • Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub
  • Blind Eagle Hacking Group Targets South America With New Tools
  • US Family Planning Non-Profit MFHS Confirms Ransomware Attack
  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless

Copyright © TheCyberSecurity.News, All Rights Reserved.