• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Atlassian Patches Critical Authentication Flaw in Jira Software

You are here: Home / General Cyber Security News / Atlassian Patches Critical Authentication Flaw in Jira Software
February 3, 2023

Atlassian has released a number of patches to resolve a critical security vulnerability in Jira Assistance Management Server and Data Middle.

The flaw (tracked CVE-2023-22501) has a CVSS score of 9.4 and can reportedly be exploited by attackers to impersonate other people and get hold of unauthorized obtain to influenced occasions.

“With create accessibility to a Person Listing and outgoing email enabled on a Jira Company Administration instance, an attacker could achieve obtain to signal-up tokens sent to customers with accounts that have under no circumstances been logged into,” reads a description of the flaw on the Jira web page.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


In accordance to Atlassian, access to these tokens can be acquired possibly by way of an attacker becoming involved on Jira issues or requests with these users or if the attacker is forwarded (or normally gains access to) email messages that contains a ‘View Request’ link.

“Bot accounts are notably vulnerable to this scenario,” the company defined. “On situations with solitary indication-on, external customer accounts can be influenced in jobs where any individual can create their possess account.”

The Jira versions influenced by the vulnerability are 5.3., 5.3.1, 5.3.2, 5.4., 5.4.1 and 5.5.. Atlassian has confirmed patches ended up unveiled for variations 5.3.3, 5.4.2, 5.5.1 and 5.6.. The business has urged prospects to update to the hottest patched variation to protect their Jira scenarios from danger actors.

In a connected report, Atlassian also set up an FAQ site for the flaw, the place it clarified that Atlassian Cloud situations (Jira internet sites hosted on the cloud by way of an atlassian.net area) experienced not been vulnerable to it.

The patches come a number of months right after many US security organizations included another Atlassian vulnerability (CVE-2022-26134) in a listing of the 20 typical flaws exploited by Chinese condition-sponsored actors given that 2020.


Some parts of this short article are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News New Credential-Stealing Campaign By APT34 Targets Middle East Firms
Next Post: MalVirt Loaders Exploit .NET Virtualization to Deliver Malvertising Attacks Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
  • Some GitHub users must take action after RSA SSH host key exposed
  • THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
  • Pension Protection Fund confirms employee data exposed in GoAnywhere breach
  • GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
  • Now UK Parliament Bans TikTok from its Network and Devices
  • IRS Phishing Emails Used to Distribute Emotet
  • Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies
  • Fifth of Execs Admit Security Flaws Cost Them New Biz
  • Online Safety Bill: Why is Ofcom being thrown under the bus?

Copyright © TheCyberSecurity.News, All Rights Reserved.