Atlassian warns of critical Jira Service Management auth flaw

February 7, 2023

A critical vulnerability in Atlassian's Jira Service Management Server and Data Center could allow an unauthenticated attacker to impersonate other users and gain remote access to the systems.

Atlassian explains that the security issue affects versions 5.3.0 through 5.5.0 and that hackers can get "access to a Jira Service Management instance under certain circumstances."


"With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into" - Atlassian


Tracked as CVE-2023-22501, the vulnerability has a critical severity score of 9.4, as calculated by Atlassian. It could be used to target bot accounts in particular, due to their frequent interactions with other users and their increased likelihood of being included in Jira issues or requests or of receiving emails with a "View Request" link - either condition being necessary for acquiring signup tokens.


Atlassian has released updates that address the issue and advises admins to upgrade to versions 5.3.3, 5.4.2, 5.5.1, and 5.6.0 or later.


If the update cannot be installed immediately, the vendor has provided a workaround in the form of a JAR file that can be used to manually upgrade the "servicedesk-variable-substitution-plugin," as described in the steps below:


  1. Download the version-specific JAR from the advisory
  2. Stop Jira
  3. Copy the JAR file into the Jira home directory ("<Jira_Home>/plugins/installed-plugins" for servers or "<Jira_Shared>/plugins/installed-plugins" for data centers)
  4. Restart the service


Atlassian has also published an FAQ page explaining that the upgrade is recommended even if the instances are not exposed to the public internet or have an external user directory with single sign-on (SSO) enabled.


As a warning, password changes performed by an attacker will not generate an email notification to the account owner, making it more difficult to detect a compromise.


However, after applying the available security update or the JAR file workaround, admins can check which accounts changed their passwords and logged in since installing the previous version, which could reveal unauthorized access to the accounts.
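The post-patch review described above, as an added example that is not Atlassian's or BleepingComputer's code: it runs the check over a constructed account export (the field layout and sample rows are assumptions, not a real Jira table) and ranks hits so that accounts that had never been logged into before, and bot accounts, come first, since those are the conditions the advisory singles out.

```python
# Added example: review accounts that changed password and then logged in after the
# vulnerable build was installed. The record layout below is an assumption (a
# constructed export), not a real Jira schema; adapt the loader to your own export.
from datetime import datetime, timezone

# Constructed sample export, one row per account. Field names are hypothetical:
# (user, is_bot, password_changed, previous_login or None if never logged in, last_login)
SAMPLE_ROWS = [
    ("alice",       False, "2023-01-20T09:00:00Z", "2022-12-01T08:00:00Z", "2023-01-21T10:00:00Z"),
    ("build-bot",   True,  "2023-01-25T03:14:00Z", None,                   "2023-01-25T03:15:00Z"),
    ("svc-monitor", True,  "2022-11-02T12:00:00Z", None,                   None),
    ("carol",       False, "2023-01-28T15:00:00Z", "2023-01-10T09:30:00Z", "2023-01-29T08:00:00Z"),
    ("deploy-bot",  True,  "2023-01-30T22:05:00Z", None,                   "2023-01-30T22:06:00Z"),
]

def parse(ts):
    """Parse an ISO-8601 UTC timestamp; None stays None (never happened)."""
    if ts is None:
        return None
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def suspicious_accounts(rows, vulnerable_since):
    """Return accounts whose password changed after `vulnerable_since` and that
    logged in after that change. Ranked: accounts with no prior login first (the
    advisory's precondition), then bot accounts (the likely targets), then by name."""
    since = parse(vulnerable_since)
    hits = []
    for user, is_bot, changed, previous, last in rows:
        changed, previous, last = parse(changed), parse(previous), parse(last)
        if changed is None or last is None:
            continue  # no password change or no login on record: nothing to review
        if changed < since or last < changed:
            continue  # change predates the window, or the login predates the change
        hits.append({
            "user": user,
            "bot": is_bot,
            "first_ever_login": previous is None,  # account had never been logged into
            "password_changed": changed.isoformat(),
            "last_login": last.isoformat(),
        })
    hits.sort(key=lambda h: (not h["first_ever_login"], not h["bot"], h["user"]))
    return hits

if __name__ == "__main__":
    # Assumed install date of the vulnerable build; replace with your own.
    for hit in suspicious_accounts(SAMPLE_ROWS, "2023-01-15T00:00:00Z"):
        print(hit)
```

Every account the script lists is a candidate for the forced password reset and email-address check that Atlassian recommends, with the top-ranked entries reviewed first.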


Atlassian recommends that administrators force a password reset on all potentially breached users and ensure that their email addresses are correct.


If a breach has been detected, the recommendation is to immediately shut down and disconnect the compromised server from the network to minimize the extent of the attack.


Source: BleepingComputer.com
