The Cyber Security News
Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability

February 3, 2023

Atlassian has released fixes to address a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass themselves off as another user and gain unauthorized access to vulnerable instances.

The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity.

“An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances,” Atlassian said.


“With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into.”

The tokens, Atlassian noted, can be obtained in either of two cases –

  • If the attacker is included on Jira issues or requests with these users, or
  • If the attacker is forwarded, or otherwise gains access to, emails containing a “View Request” link from these users

It also cautioned that while users who are synced into the Jira instance via read-only User Directories or single sign-on (SSO) are not affected, external customers who interact with the instance via email are affected, even when SSO is configured.

The Australian software services provider said the vulnerability was introduced in version 5.3.0 and impacts all subsequent versions 5.3.1, 5.3.2, 5.4.0, 5.4.1, and 5.5.0. Fixes have been made available in versions 5.3.3, 5.4.2, 5.5.1, and 5.6.0 or later.
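Because three minor branches each carry their own fix release, a plain string comparison of version numbers will misclassify instances (for example "5.10.0" sorts below "5.9.0" as text). The following script is an added example, not Atlassian's code or part of the original article: it turns the affected and fixed versions listed above into numeric range checks and applies them to the version string that a Jira Service Management Server/Data Center instance reports. The `/rest/servicedeskapi/info` endpoint and the `version` field are assumed to behave as in the Service Desk Server REST API; the sample response embedded below is constructed so the script runs offline, and the live fetch is optional.

```python
"""Classify a Jira Service Management Server/Data Center version against the
CVE-2023-22501 ranges from Atlassian's advisory as quoted in the article.

Added example, not Atlassian's own code. Assumptions: the instance exposes
GET /rest/servicedeskapi/info with a "version" field holding the JSM app
version (not the Jira platform version). SAMPLE_INFO is a constructed input.
"""
import json
import urllib.request
from typing import Dict, Tuple

# Per the article: introduced in 5.3.0; fixed in 5.3.3, 5.4.2, 5.5.1 and 5.6.0+.
# Each entry is (first affected, first fixed) on one minor branch.
AFFECTED_RANGES = (
    ((5, 3, 0), (5, 3, 3)),
    ((5, 4, 0), (5, 4, 2)),
    ((5, 5, 0), (5, 5, 1)),
)
FIXED_FLOOR = (5, 6, 0)  # 5.6.0 and every later version are fixed

# Constructed sample of what the info endpoint returns on an unpatched 5.4.1.
SAMPLE_INFO: Dict[str, object] = {
    "version": "5.4.1",
    "platformVersion": "9.4.1",
    "isLicensedForUse": True,
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '5.4.1', '5.4' or '5.4.1-SNAPSHOT' into a numeric 3-tuple.

    Numeric tuples compare correctly ('5.10.0' > '5.9.0'); a missing patch
    component is treated as 0, so '5.3' means 5.3.0, the version the flaw
    was introduced in.
    """
    core = text.strip().split("-", 1)[0]          # drop qualifier suffixes
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def classify(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'not_affected' for a JSM version."""
    v = parse_version(version)
    if v < AFFECTED_RANGES[0][0]:
        return "not_affected"                     # predates the bug (5.3.0)
    if v >= FIXED_FLOOR:
        return "fixed"
    for first_bad, first_fixed in AFFECTED_RANGES:
        if first_bad <= v < first_fixed:
            return "vulnerable"
    # Anything else on the 5.3/5.4/5.5 branches is at or past its fix release.
    return "fixed"


def classify_info(info: Dict[str, object]) -> str:
    """Classify a decoded /rest/servicedeskapi/info response."""
    return classify(str(info["version"]))


def fetch_info(base_url: str, timeout: float = 10.0) -> Dict[str, object]:
    """Fetch the info document from a live instance (assumed endpoint).

    The endpoint is normally reachable without credentials; add an
    Authorization header here if your instance requires one.
    """
    url = base_url.rstrip("/") + "/rest/servicedeskapi/info"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    import sys
    # With a base URL argument, check a live instance; otherwise use the sample.
    info = fetch_info(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_INFO
    print(f"JSM {info['version']}: {classify_info(info)}")
```

Run it with no arguments to see the constructed sample classified as vulnerable, or pass a base URL such as `https://jira.example.internal` to check a real instance. The script reports only version status; it does not test for the signup-token condition itself, so an instance classified as vulnerable still needs the write-access-to-User-Directory and outgoing-email preconditions the advisory describes to be exploitable.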

Atlassian emphasized that Jira sites hosted in the cloud via an atlassian[.]net domain are not affected by the flaw and that no action is required in that case.

The disclosure comes more than two months after the company closed two critical security holes in its Bitbucket Server, Data Center, and Crowd products (CVE-2022-43781 and CVE-2022-43782) that could be exploited to gain code execution and invoke privileged API endpoints.

With flaws in Atlassian products becoming an attractive attack vector in recent months, it is vital that users update their installations to the latest versions to mitigate potential threats.



Some parts of this article are sourced from:
thehackernews.com
