Critical vulnerability in Jira Software can allow an attacker to impersonate another user.

by time news

Jira Service Management Server and Data Center contain a critical vulnerability, tracked as CVE-2023-22501 (CVSS score: 9.4), which Atlassian has patched. Under certain conditions, an attacker could use this vulnerability to assume the identity of another user and gain unauthorized access to a Jira Service Management instance.

As noted in the alert, users who access their Jira site through an atlassian.net domain are not exposed to the vulnerability: a site hosted by Atlassian on atlassian.net is not affected.

Jira sites that are hosted in the cloud and use an atlassian.net domain are not vulnerable to the issue, according to Atlassian, and users do not need to take any preventative action in this scenario.

According to Atlassian, the vulnerability affects versions 5.3.0 to 5.5.0, and criminals have the potential to gain “access to a Jira Service Management instance under certain conditions.”

“An attacker could gain access to registration tokens provided to users with accounts they had never signed in to if they had write access to a user directory with outbound email enabled on a Jira Service Management server.”

Bot accounts are particularly exposed, because they interact frequently with other users and are more likely to be listed on issues or Jira requests, or to receive emails containing a “View Request” link. Any one of these conditions is required to acquire a registration token.

Atlassian addressed this important vulnerability that allowed an attacker to impersonate another user and gain access to a Jira Service Management instance. The vulnerability was present in Jira Service Management Server and Data Center.

Atlassian has provided updates that resolve the vulnerability and encourages administrators to update to versions 5.3.3, 5.4.2, 5.5.1, and 5.6.0 or later. These updates can be found on the Atlassian website.

If the update cannot be applied immediately, the vendor has made a workaround available in the form of a JAR file that can be used to update the “servicedesk variable substitution plugin” manually. The procedure is as follows:

1. Download the JAR file that matches your version, as listed in the advisory.
2. Stop Jira.
3. Copy the JAR file into the installed-plugins directory (“<Jira Home>/plugins/installed-plugins” for Server, “<Jira Shared>/plugins/installed-plugins” for Data Center).
4. Start Jira again.
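The following script is an added example, not code from Atlassian or from this article. It turns the version information above into a check an administrator can run over an inventory of Jira Service Management instances, and it verifies that a workaround JAR is actually present in the installed-plugins directory after the manual steps. The affected range (5.3.0 to 5.5.0) and the fixed versions (5.3.3, 5.4.2, 5.5.1, 5.6.0 and later) are taken from the article; the inventory lines are constructed sample data, and the JAR filename pattern passed to the presence check is an assumption, since the article does not name the file.

```shell
#!/bin/sh
# Added example (not Atlassian's code): classify Jira Service Management
# Server/Data Center versions against CVE-2023-22501 as described in the
# advisory quoted above. Affected: 5.3.0-5.5.0. Fixed: 5.3.3, 5.4.2, 5.5.1,
# 5.6.0 or later. Everything else is reported as "not-affected".

# Print "affected", "fixed" or "not-affected" for a version string like 5.4.1.
jsm_cve_2023_22501_status() {
    v="$1"
    major=$(printf '%s' "$v" | cut -d. -f1)
    minor=$(printf '%s' "$v" | cut -d. -f2)
    patch=$(printf '%s' "$v" | cut -d. -f3)
    patch=${patch:-0}
    # Lines newer than 5.x ship with the fix; lines older than 5.x are outside
    # the affected range the advisory lists.
    if [ "$major" -gt 5 ]; then echo "fixed"; return 0; fi
    if [ "$major" -lt 5 ]; then echo "not-affected"; return 0; fi
    case "$minor" in
        3) fix=3 ;;   # 5.3.x is fixed from 5.3.3
        4) fix=2 ;;   # 5.4.x is fixed from 5.4.2
        5) fix=1 ;;   # 5.5.x is fixed from 5.5.1
        *)
            if [ "$minor" -ge 6 ]; then echo "fixed"; else echo "not-affected"; fi
            return 0 ;;
    esac
    if [ "$patch" -ge "$fix" ]; then echo "fixed"; else echo "affected"; fi
}

# Read "hostname version" lines on stdin and print only the instances that
# still need the upgrade or the workaround, one per line: "host version affected".
jsm_report_affected() {
    while read -r host version; do
        [ -z "$host" ] && continue
        status=$(jsm_cve_2023_22501_status "$version")
        if [ "$status" = "affected" ]; then
            echo "$host $version affected"
        fi
    done
}

# After the manual workaround, confirm that a JAR matching the given pattern
# exists in <Jira Home>/plugins/installed-plugins. Returns 0 if found, 1 if not.
# The pattern is an assumption; use the filename from the advisory download.
jsm_workaround_jar_present() {
    jira_home="$1"
    pattern="$2"
    for f in "$jira_home"/plugins/installed-plugins/$pattern; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# Constructed sample inventory (hostnames and versions are made up).
sample_inventory() {
    printf '%s\n' \
        "jira-prod-1 5.4.1" \
        "jira-prod-2 5.4.2" \
        "jira-dc-1 5.5.0" \
        "jira-legacy 5.2.9" \
        "jira-new 5.6.0"
}

if [ "${1:-}" = "--demo" ]; then
    sample_inventory | jsm_report_affected
fi
```

Run the script with `--demo` to list the two constructed hosts that still need action, or pipe your own `host version` inventory into `jsm_report_affected`. For the post-workaround check, call `jsm_workaround_jar_present /path/to/jira-home 'servicedesk-variable-substitution*.jar'` with the pattern adjusted to the actual filename downloaded from the advisory.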

In November 2022, both Crowd Server and Data Center, the company’s identity management platform, and Bitbucket Server and Data Center, a self-managed source code collaboration solution for professional teams, had critical-severity vulnerabilities, which the company addressed.

A significant command injection vulnerability exists in the Bitbucket source code repository hosting service. This vulnerability is tracked under the identifier CVE-2022-43781.
