Atlassian has issued fixes for a critical flaw in its Jira software, which threat actors could exploit to evade authentication protections, The Hacker News reports.
Viettel Cyber Security's Khoadha discovered the vulnerability, tracked as CVE-2022-0540, in the Jira Seraph authentication framework. It affects various versions of Jira Core Server, Jira Software Server and Jira Software Data Center, as well as Jira Service Management Server and Jira Service Management Data Center.
"A remote, unauthenticated attacker could exploit this by sending a specially crafted HTTP request to bypass authentication and authorization requirements in WebWork actions using an affected configuration," said Atlassian. The vulnerability is fixed in Jira versions 8.13.18, 8.20.6 and 8.22.0, and in Jira Service Management versions 4.13.18, 4.20.6 and 4.22.0. According to Atlassian, first- and third-party apps are affected only when they are installed on a vulnerable Jira or Jira Service Management version and use an affected configuration. Administrators are advised to patch immediately.
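The practical question for an administrator is whether a given instance is already on one of the fixed releases named above. The following triage helper is an added example written for this page, not Atlassian's code or tooling. It encodes only the fixed versions the article lists and makes one labelled assumption: that any later release on the same bugfix line (8.13.x, 8.20.x, and their 4.x Jira Service Management counterparts), or any release at or above the newest fix, also contains the fix, while everything else is treated as unpatched. The `serverInfo` JSON it parses is a constructed sample shaped like the response of Jira's `/rest/api/2/serverInfo` endpoint, so the script runs offline.

```python
"""Triage helper for CVE-2022-0540: is this Jira / Jira Service Management
release one that contains the fix?  Added example, not Atlassian's code."""
import json
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Fixed releases as listed in the advisory coverage above.  Assumption: a later
# release on the same bugfix line, or anything at or above the newest fix, is
# also fixed; all other releases are reported as unpatched.
FIXED: Dict[str, List[Version]] = {
    "jira": [(8, 13, 18), (8, 20, 6), (8, 22, 0)],   # Jira Core / Software
    "jsm":  [(4, 13, 18), (4, 20, 6), (4, 22, 0)],   # Jira Service Management
}


def parse_version(text: str) -> Version:
    """Turn '8.20.5' or '8.20.6-SNAPSHOT' into a comparable (major, minor, patch)."""
    nums: List[int] = []
    for part in text.strip().split(".")[:3]:
        digits = ""
        for ch in part:
            if not ch.isdigit():
                break          # stop at a qualifier such as '-SNAPSHOT'
            digits += ch
        nums.append(int(digits) if digits else 0)
    while len(nums) < 3:
        nums.append(0)         # '8.22' is treated as 8.22.0
    return (nums[0], nums[1], nums[2])


def is_fixed(product: str, version: str) -> bool:
    """True if `version` is at or above a fix release on its own bugfix line,
    or at or above the newest fix release for the product."""
    v = parse_version(version)
    fixes = sorted(FIXED[product])
    if v >= fixes[-1]:
        return True            # e.g. 8.22.1, 9.0.0
    for fix in fixes:
        if v[:2] == fix[:2] and v >= fix:
            return True        # same major.minor line, at or past the fix
    return False               # older lines, or 8.14-8.19 / 8.21 with no fix


def triage_server_info(server_info_json: str, product: str = "jira") -> Dict[str, object]:
    """Read the 'version' field from a serverInfo-style JSON document and
    report whether it is a fixed release.  The endpoint reports the Jira
    platform version, so the default product is 'jira'."""
    info = json.loads(server_info_json)
    version = str(info["version"])
    return {"version": version, "fixed": is_fixed(product, version)}


# Constructed sample response (not captured from a real instance).
SAMPLE_SERVER_INFO = json.dumps({
    "baseUrl": "https://jira.example.internal",
    "version": "8.20.5",
    "deploymentType": "Server",
})

if __name__ == "__main__":
    result = triage_server_info(SAMPLE_SERVER_INFO)
    status = "fixed" if result["fixed"] else "UNPATCHED - upgrade"
    print(f"Jira {result['version']}: {status}")
```

Note that the check is purely version based: it does not probe the WebWork actions themselves, and it cannot tell you whether an installed app uses an affected configuration, which is the condition Atlassian attaches to app exposure. Treat an "UNPATCHED" result as a reason to upgrade, not as proof of exploitability.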
Critical Jira software flaw addressed