Atlassian patches serious Jira authentication flaw


Atlassian has disclosed and patched a critical flaw in its Jira Service Management Server and Data Center products.

The vulnerability, tracked as CVE-2023-22501, allows threat actors to impersonate users and gain access to a Jira Service Management instance under certain circumstances. It has been given a CVSS severity score of 9.4, making it a critical flaw.

“With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to sign-up tokens sent to users with accounts that have never been logged into,” Atlassian noted in its description of the vulnerability.

Vulnerable versions

The company explained that a threat actor might be able to obtain the tokens by being included on Jira issues or requests together with the affected users, or by somehow obtaining an email containing the “View Request” link.

“Bot accounts are particularly susceptible to this scenario,” Atlassian added. “On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.”

The following Jira Service Management Server and Data Center versions are vulnerable to the flaw: 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1 and 5.5.0. The fixed releases are 5.3.3, 5.4.2, 5.5.1 and 5.6.0; to be on the safe side, upgrade to the fixed release for your branch, or to 5.6.0.
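For anyone who has to triage more than one instance, the following is an added example of turning the affected and fixed version lists above into an exposure check. It is not Atlassian's code. It assumes version strings in the plain `major.minor.patch` form that Jira's `/rest/api/2/serverInfo` endpoint returns in its `version` field, and the inventory of hostnames and versions is constructed sample data. It goes slightly beyond the literal list above by treating the three branches as ranges, so a future 5.4.x is handled the same way as the ones named.

```python
"""Exposure check for CVE-2023-22501 across an inventory of
Jira Service Management Server / Data Center instances.

Added example, not Atlassian's code. Affected and fixed versions
are the ones named in the article; hostnames are made up.
"""

# Affected versions: 5.3.0-5.3.2, 5.4.0-5.4.1, 5.5.0.
# (major, minor) -> (first affected patch, last affected patch, fixed version in that branch)
AFFECTED_BRANCHES = {
    (5, 3): (0, 2, "5.3.3"),
    (5, 4): (0, 1, "5.4.2"),
    (5, 5): (0, 0, "5.5.1"),
}
LATEST_FIXED = "5.6.0"


def parse_version(version: str) -> tuple[int, int, int]:
    """Turn "5.4.1" (optionally with a suffix such as "-SNAPSHOT") into (5, 4, 1)."""
    core = version.strip().split("-")[0].split("+")[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    nums = [int(p) for p in parts] + [0, 0, 0]  # pad so "5.4" parses as 5.4.0
    return nums[0], nums[1], nums[2]


def assess(version: str) -> dict:
    """Report whether `version` is affected and the nearest fix in the same branch."""
    major, minor, patch = parse_version(version)
    branch = AFFECTED_BRANCHES.get((major, minor))
    if branch is None:
        # 5.6.0 and later ship the fix; releases before 5.3.0 are not in the affected list.
        return {"version": version, "affected": False, "upgrade_to": None}
    first, last, fixed = branch
    affected = first <= patch <= last
    return {"version": version, "affected": affected, "upgrade_to": fixed if affected else None}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "jsm-prod.example.internal": "5.4.1",
    "jsm-staging.example.internal": "5.5.1",
    "jsm-legacy.example.internal": "5.2.4",
    "jsm-dev.example.internal": "5.3.0-SNAPSHOT",
}


def triage(inventory: dict[str, str]) -> list[dict]:
    """Assess every instance and return only those that need an upgrade, sorted by host."""
    findings = []
    for host, version in sorted(inventory.items()):
        result = assess(version)
        if result["affected"]:
            result["host"] = host
            findings.append(result)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['host']}: {f['version']} is affected by CVE-2023-22501; "
              f"upgrade to {f['upgrade_to']} or {LATEST_FIXED}")
```

Feed `triage()` a mapping built from your own `serverInfo` responses; anything it returns is an instance still running an affected release. Versions with a build suffix are parsed on their numeric core only, which is deliberate: a 5.3.0 snapshot is treated as 5.3.0.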

Atlassian products appear to be a popular target among cybercriminals. In October last year, the US Cybersecurity and Infrastructure Security Agency (CISA) noted that a high-severity flaw found in two widely used Atlassian Bitbucket products, Server and Data Center, was being actively exploited in the wild.

Before that, in July, it was reported that Jira, Confluence and Bamboo were vulnerable to CVE-2022-26136, an arbitrary Servlet Filter bypass that allowed threat actors to bypass the custom Servlet Filters that third-party apps use for authentication. The flaw was rated high-severity.


Via: Infosecurity Magazine


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he has written for numerous media outlets, including Al Jazeera Balkans. He has also taught several modules on content writing for Represent Communications.

Copyright for syndicated content belongs to the linked source: TechRadar – https://www.techradar.com/news/atlassian-patches-serious-jira-authentication-flaw