Atlassian fixed critical authentication vulnerability in Jira Software

Atlassian fixed a critical flaw in Jira Service Management Server and Data Center that can allow an attacker to impersonate another user and gain access to a Jira Service Management instance.

Atlassian has released security updates to address a critical vulnerability in Jira Service Management Server and Data Center, tracked as CVE-2023-22501 (CVSS score: 9.4), that could be exploited by an attacker to impersonate another user and gain unauthorized access to other Jira Service Management instances under certain circumstances.

“An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances.” reads the advisory published by the Australian software services provider. “With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases:

If the attacker is included on Jira issues or requests with these users, or
If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users.”

The vulnerability affects the following versions:

5.3.0
5.3.1
5.3.2
5.4.0
5.4.1
5.5.0

The issue doesn’t impact users synced to Jira via read-only User Directories or single sign-on (SSO), however, external customers who interact with the instance via email are still affected, even when SSO is configured.

Atlassian addressed the flaw with the release of versions 5.3.3, 5.3.3, 5.5.1, and 5.6.0.

The advisory pointed out that users accessing their Jira site via an atlassian.net domain, it is hosted by Atlassian and you are not affected by the vulnerability. atlassian.net domain, it is hosted by Atlassian and you are not affected by the vulnerability.

Atlassian emphasized that Jira sites hosted on the cloud via an atlassian[.]net domain are not affected by the flaw and no action is required in this case.

In November 2022, the company addressed critical-severity vulnerabilities in its identity management platform, Crowd Server and Data Center, and in the Bitbucket Server and Data Center, a self-managed solution that provides source code collaboration for professional teams.

The vulnerability in the Bitbucket source code repository hosting service, tracked as CVE-2022-43781, is a critical command injection vulnerability.

The vulnerability received a CVSS score of 9/10 and affects Bitbucket Server and Data Center version 7 and, and version 8 if “mesh.enabled” is set to false in bitbucket.properties.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Moshen Dragon)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.