
Critical Jira software flaw addressed

Atlassian has issued fixes for a critical flaw in its Jira software that threat actors could exploit to bypass authentication, The Hacker News reports. The vulnerability, tracked as CVE-2022-0540 and discovered by Khoadha of Viettel Cyber Security, lies in the Jira Seraph authentication framework and affects multiple versions of Jira Core Server, Jira Software Server, and Jira Software Data Center, as well as Jira Service Management Server and Jira Service Management Data Center. "A remote, unauthenticated attacker could exploit this by sending a specially crafted HTTP request to bypass authentication and authorization requirements in WebWork actions using an affected configuration," said Atlassian. The flaw is fixed in Jira versions 8.13.18, 8.20.6, and 8.22.0, and in Jira Service Management versions 4.13.18, 4.20.6, and 4.22.0. According to Atlassian, first- and third-party apps are affected only if they are installed in a vulnerable Jira or Jira Service Management version and use a vulnerable configuration. Immediate patching has been advised.
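As a practical follow-up to the fixed-version list above, here is a small triage helper, added for this page and not Atlassian's own code, that encodes those fixed releases and reports whether a given Jira or Jira Service Management version is patched. It assumes the fix exists only in the release lines Atlassian named (8.13.x, 8.20.x and 8.22.0 for Jira; 4.13.x, 4.20.x and 4.22.0 for JSM), so any other line, for example 8.14 through 8.19 or 8.21, is treated as unpatched regardless of patch level. The `SAMPLE_SERVER_INFO` body is constructed for the example, in the shape of Jira's `GET /rest/api/2/serverInfo` response; it was not captured from a real server.

```python
"""Version triage for CVE-2022-0540 (Jira Seraph authentication bypass).

Added example, not Atlassian's code. Assumption: the fix shipped only in the
release lines the advisory lists, so other lines count as unpatched.
"""
import json
import re

# Fixed releases from the advisory, keyed by product family.
FIXED = {
    "jira": [(8, 13, 18), (8, 20, 6), (8, 22, 0)],  # Core/Software Server and DC
    "jsm":  [(4, 13, 18), (4, 20, 6), (4, 22, 0)],  # Service Management Server and DC
}


def parse_version(text):
    """'8.20.5' -> (8, 20, 5). Tolerates build suffixes such as '8.20.5-m01'."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_patched(product, version):
    """True if `version` is one of the fixed releases for `product` or newer."""
    v = parse_version(version)
    fixed = sorted(FIXED[product])
    if v >= fixed[-1]:
        return True  # 8.22.0 / 4.22.0 and everything after carry the fix
    for f in fixed:
        if v[:2] == f[:2]:      # same maintenance line (e.g. 8.13.x or 8.20.x)
            return v[2] >= f[2]
    return False  # a line with no listed fix (8.14-8.19, 8.21): treat as vulnerable


def triage_server_info(raw_json, product="jira"):
    """Evaluate the JSON body returned by Jira's GET /rest/api/2/serverInfo.

    Assumption: the 'version' field is the Jira platform version. For a JSM
    instance, pass product='jsm' with the JSM version shown in the admin UI,
    since serverInfo reports the underlying platform version.
    """
    info = json.loads(raw_json)
    version = info["version"]
    return {"version": version, "patched": is_patched(product, version)}


# Constructed sample response (not captured from a real server).
SAMPLE_SERVER_INFO = json.dumps({
    "baseUrl": "https://jira.example.internal",
    "version": "8.20.5",
    "deploymentType": "Server",
    "serverTitle": "Example Jira",
})

if __name__ == "__main__":
    print(triage_server_info(SAMPLE_SERVER_INFO))
    for prod, ver in [("jira", "8.13.17"), ("jira", "8.21.1"), ("jira", "9.0.0"),
                      ("jsm", "4.20.6"), ("jsm", "4.19.2")]:
        print(prod, ver, "patched" if is_patched(prod, ver) else "VULNERABLE")
```

Note the design choice in `is_patched`: a version in a line the advisory names no fix for (8.21.1, for instance) is reported as vulnerable even though it is numerically newer than 8.20.6, because maintenance lines are patched independently and the page lists fixes only for 8.13, 8.20 and 8.22.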
