Atlassian has revealed that it has fixed a major flaw in its Service Management Server and Data Center products.
The vulnerability tracked as CVE-2023-22501 allows cybercriminals to impersonate (opens in a new tab) people and access a Jira Service Management instance under certain circumstances. It received a severity rating of 9.4, making it a critical flaw.
“With write access to the user directory and enabling outbound mail on the Jira Service Management instance, an attacker could gain access to registration tokens sent to users with accounts that have never been logged in,” Atlassian noted in the vulnerability description.
The company explained that a cybercriminal can obtain the tokens if they are included in Jira’s issues or requests with users, or if they somehow receive an email with a “View Request” link.
“Bot accounts are particularly vulnerable to this scenario,” Atlassian further explained. “In single sign-on instances, external customer accounts can be compromised in projects where anyone can create their own account.”
Here are Jira versions affected by the vulnerability: 5.3.0; 5.3.1; 5.3.2; 5.4.0; 5.4.1 and 5.5.0. Upgrade Jira to 5.3.3 just in case; 5.4.2; 5.5.1 or 5.6.0.
Atlassian products seem to be a popular target among cybercriminals. Last October, the U.S. Cybersecurity and Infrastructure Agency (CISA) noted that a high-severity vulnerability found in two widely used Atlassian Bitbucket tools — Server and Data Center — was actively exploited in the wild.
Earlier in July, it was reported that Jira, Confluence, and Bamboo were vulnerable to CVE-2022-26136, an arbitrary servlet filter bypass that allowed attackers to bypass custom servlet filters used by third-party applications for authentication. The defect was considered very serious.
By: Security Information Warehouse (opens in a new tab)