A critical vulnerability has been identified in Atlassian's Jira Service Management Server and Data Center products, and fixes have been released to resolve it.
The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been described as a case of broken authentication that an attacker could abuse to impersonate another user and gain unauthorized access to susceptible instances.
“With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into.”
The tokens, Atlassian noted, can be obtained in either of two scenarios:
- If the attacker is included on Jira issues or requests with these users, or
- If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users
Users who are synced to the Jira service via read-only User Directories or single sign-on (SSO) are not affected. External customers who interact with the instance via email are affected, even when SSO is configured.
Atlassian says that the vulnerability was identified in version 5.3.0 and impacts all subsequent versions 5.3.1, 5.3.2, 5.4.0, 5.4.1, and 5.5.0. Fixes have been made available in versions 5.3.3, 5.3.3, 5.5.1, and 5.6.0 or later.
Atlassian emphasized that Jira sites hosted on the cloud via an atlassian[.]net domain are not affected by the flaw and that no action is required in this case.
It's crucial that users upgrade their installations to the latest versions to mitigate potential threats.
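The exposure conditions described above can be combined into a quick triage over an instance and account inventory. This is an added example, not code from Atlassian or the original article; the record fields (`hosting`, `outgoing_email`, `last_login`, `directory_read_only`, `sso`, `external_email_customer`) and the sample data are constructed assumptions, and the affected-version list is the one given in the article.

```python
# Added example: field names and sample records are constructed assumptions,
# not a real Jira export format.

# Affected versions exactly as listed in the article.
AFFECTED_VERSIONS = {"5.3.0", "5.3.1", "5.3.2", "5.4.0", "5.4.1", "5.5.0"}


def instance_exposed(instance):
    """Instance-level preconditions: self-hosted, affected version, outgoing email on."""
    if instance["hosting"] == "cloud":  # atlassian[.]net sites need no action
        return False
    return instance["version"] in AFFECTED_VERSIONS and instance["outgoing_email"]


def account_at_risk(account):
    """Account-level conditions: only never-logged-in accounts are in scope."""
    if account["last_login"] is not None:
        return False
    if account["external_email_customer"]:  # affected even when SSO is configured
        return True
    # Users synced via a read-only User Directory or SSO are not affected.
    return not (account["directory_read_only"] or account["sso"])


def triage(instance, accounts):
    """Return sorted names of accounts to review, or [] if the instance is not exposed."""
    if not instance_exposed(instance):
        return []
    return sorted(a["name"] for a in accounts if account_at_risk(a))


def acct(name, last_login, read_only=False, sso=False, external=False):
    """Helper to build a constructed account record."""
    return {"name": name, "last_login": last_login, "directory_read_only": read_only,
            "sso": sso, "external_email_customer": external}


# Constructed sample data.
SAMPLE_INSTANCE = {"hosting": "datacenter", "version": "5.4.1", "outgoing_email": True}
SAMPLE_ACCOUNTS = [
    acct("alice", "2023-01-10"),              # has logged in: out of scope
    acct("bob", None),                        # never logged in, writable directory
    acct("carol", None, read_only=True),      # read-only directory: not affected
    acct("dave", None, sso=True, external=True),  # external email customer: affected
    acct("erin", None, sso=True),             # SSO user: not affected
]

if __name__ == "__main__":
    print(triage(SAMPLE_INSTANCE, SAMPLE_ACCOUNTS))
```

Accounts the triage returns are candidates for review while the upgrade is being scheduled; an empty list means the instance-level preconditions were not met for the inventory as recorded.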