Identity, Risk Assessments/Management

Critical Jira software flaw addressed

Atlassian has issued fixes for a critical flaw in its Jira software, which threat actors could exploit to evade authentication protections, The Hacker News reports. Viettel Cyber Security's Khoadha discovered the vulnerability, tracked as CVE-2022-0540, within the Jira Seraph authentication framework and impacts various versions of Jira Core Server, Jira Software Server, and Jira Software Data Center, as well as Jira Service Management Server and Jira Service Management Data Center. "A remote, unauthenticated attacker could exploit this by sending a specially crafted HTTP request to bypass authentication and authorization requirements in WebWork actions using an affected configuration," said Atlassian. Jira versions 8.13.18, 8.20.6, and 8.22.0 address the vulnerability, and so do Jira Service Management versions 4.13.18, 4.20.6, and 4.22.0. However, first and third-party apps are only impacted by the bug if installed within the flawed Jira or Jira Service Management versions while leveraging vulnerable configurations, according to Atlassian. Immediate patching has been advised.

Related

More data broker regulation needed in draft privacy bill

More protections against data brokers were urged by lawmakers and data privacy experts to be added to the draft American Privacy Rights Act, which would only allow the deletion of consumer data provided that individual requests are made to the data brokers, reports The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.