New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Atlassian Releases Patches for Critical Authentication Vulnerability in Jira Software

Atlassian has released fixes to patch a new critical vulnerability in Jira Service Management Server and Data Center. The security flaw could enable threat actors to impersonate Jira users and gain unauthorized access to affected instances.

The security vulnerability is tracked as CVE-2023-22501, and it has a critical severity score
(CVSS score) of 9.4. The company has acknowledged that the flaw impacts Jira versions 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, and 5.5.0.

“This advisory discloses a critical severity security vulnerability which was introduced in version 5.3.0 of Jira Service Management Server and Data Center,” Atlassian explained. “With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into.”

According to Atlassian, the attackers could get access to tokens if they’re included in Jira issues or requests. It’s also possible that the hacker gains unauthorized access to sensitive emails with “View Request” links.

Atlassian emphasized that these attacks particularly target bot accounts created to work with Jira Service Management. The vulnerability might also affect external customer accounts in instances with single sign-on. However, it doesn’t impact Jira sites accessed via an atlassian.net domain (Atlassian Cloud instances).

Atlassian urges customers to update their Jira installations

Atlassian has released security updates to address the authentication vulnerability in versions 5.3.3, 5.4.2, 5.5.1, and 5.6.0 of Jira Service Management Server and Data Center. The company has recommended customers to install the latest update as soon as possible to protect their Jira instances from cyber attacks.

Meanwhile, Atlassian has also provided a workaround solution for organizations that are unable to immediately deploy the update in their environments. These customers can use a JAR file to manually upgrade the “servicedesk-variable-substitution-plugin,” and you can find more details in the security advisory.

by Rabia Noureen
Feb 6, 2023

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
Webinar: Learn How to Keep Critical Web Apps Online and Sensitive Data Secure

May 9, 2023
The Ultimate Guide to Web Application Firewalls (WAF)

Jun 20, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.