"Atlassian Patches Critical Authentication Flaw in Jira Software"

Atlassian has recently released multiple patches to fix a critical security vulnerability in Jira Service Management Server and Data Center. The flaw (tracked as CVE-2023-22501) has a CVSS score of 9.4 and can reportedly be exploited by attackers to impersonate other users and obtain unauthorized access to affected instances. The company noted that, with write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to sign-up tokens sent to users whose accounts have never been logged into. The company stated that access to these tokens can be obtained either by the attacker being included on Jira issues or requests with these users, or by the attacker being forwarded (or otherwise gaining access to) emails containing a "View Request" link. The company noted that bot accounts are particularly susceptible to this scenario. In instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account. The Jira versions affected by the vulnerability are 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, and 5.5.0. Atlassian has confirmed that patches were released in versions 5.3.3, 5.4.2, 5.5.1, and 5.6.0. The company has urged customers to update to the latest patched version to protect their Jira instances from threat actors.
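The check a Jira administrator would want from this summary is a quick triage of an inventoried version against the affected and patched releases listed above. The following is an added example, not code from the article or from Atlassian; it assumes only the six versions named in the summary are affected and maps each to the patched release on its own 5.x line (5.6.0 is used as the fallback target). Version strings are assumed to be plain `major.minor.patch`; anything else is rejected rather than guessed at.

```python
# Added example (not from the article or Atlassian): triage Jira Service
# Management Server/Data Center versions against the releases the advisory
# summary lists as affected and as patched for CVE-2023-22501.

from typing import Dict, Iterable, Optional, Tuple

# Versions the summary names as affected.
AFFECTED_VERSIONS = {"5.3.0", "5.3.1", "5.3.2", "5.4.0", "5.4.1", "5.5.0"}

# Patched releases, keyed by the (major, minor) line each belongs to.
PATCHED_BY_LINE = {(5, 3): "5.3.3", (5, 4): "5.4.2", (5, 5): "5.5.1", (5, 6): "5.6.0"}
# Assumed fallback target if an affected version had no patch on its own line.
LATEST_PATCHED = "5.6.0"


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch' into a comparable tuple; reject any other shape."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Jira version format: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_affected(version: str) -> bool:
    """True only for the versions the advisory summary names as vulnerable."""
    major, minor, patch = parse_version(version)  # validates the format first
    return f"{major}.{minor}.{patch}" in AFFECTED_VERSIONS


def recommended_fix(version: str) -> Optional[str]:
    """Patched release on the same major.minor line for an affected version.

    Returns None when the version is not one of the listed affected releases,
    meaning this advisory calls for no upgrade on its own.
    """
    if not is_affected(version):
        return None
    major, minor, _ = parse_version(version)
    return PATCHED_BY_LINE.get((major, minor), LATEST_PATCHED)


def triage(versions: Iterable[str]) -> Dict[str, str]:
    """Map each inventoried version to a one-line status for a fleet report."""
    report: Dict[str, str] = {}
    for v in versions:
        fix = recommended_fix(v)
        report[v] = f"AFFECTED - upgrade to {fix}" if fix else "not listed as affected"
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for version, status in triage(["5.4.1", "5.4.2", "5.2.9", "5.5.0"]).items():
        print(f"{version}: {status}")
```

Versions outside the listed set (for example an older 5.2.x build) come back as "not listed as affected" because the summary says nothing about them; that is a statement about this advisory only, not a clean bill of health.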


Infosecurity reports: "Atlassian Patches Critical Authentication Flaw in Jira Software"
