The CVE-2023-22501 (CVSS score of 9.4) was caused by an error in the authentication validation process. An attacker could perform a specially crafted request to access a user’s account and gain access to a Jira service management instance. The vulnerability has been rated as critical by Atlassian.
In response to a critical security issue in Jira’s Data Center and Service Management Server, Atlassian has released fixes. The vulnerability could allow an attacker to access sensitive instances without being detected.
The vulnerability was found in Jira’s Data Center, and the Service Management Server allows an attacker to access a Jira service management instance by impersonating a user under certain circumstances.
With write access to the user directory and an outgoing email enabled on a service management instance, an attacker can access the signup tokens sent by Jira to users who have not logged in. An attacker can then access these tokens in two ways:
- If the attacker is included on Jira issues or requests with these users, or
- If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users.
This vulnerability is especially apparent for bot accounts. An external customer account may be affected in projects that allow everyone to create their own accounts using a single sign-on method.
What versions are affected?
The vulnerability affects the following versions of Jira used for data center and service management.
Fixed versions Released:
Steps to remediate the vulnerability
The recommended method to resolve this vulnerability is to update Jira Service Management to a fixed version. This will fix it and prevent it from getting exploited. If you’re not able to upgrade immediately, consider using the temporary fix in the servicedesk-variable-substitution-plugin JAR file as an alternative.
To update the servicedesk-variable-substitution-plugin JAR file:
- Download the version-specific JAR file from the table above.
- Stop Jira.
- Copy the JAR file into your Jira home directory.
- For Server: <Jira_Home>/plugins/installed-plugins
- For Data Center: <Jira_Shared>/plugins/installed-plugins
- Start Jira.
How PingSafe can help you stay ahead of such vulnerabilities
With PingSafe’s platform, you can easily identify and address the most critical security issues that affect your cloud computing environment. Its vulnerability management and container security capabilities can help you respond quickly to these threats.
PingSafe’s platform helps you achieve this by identifying vulnerabilities and misconfigurations and enforcing proper access controls in your container workloads. PingSafe scans your container images and compute machines and checks for the vulnerable components of your cloud infrastructure with the affected vulnerability. PingSafe helps your organization to detect and prioritize the issue by assessing risk and severity in real-time.
PingSafe’s cloud security platform helps you stay on top of new zero-day attacks and improve your security posture across multiple cloud accounts.
Sign up for a personalized demo to learn more.