Atlassian Security Updates 02 February 2023

Atlassian has released a security update to fix a critical vulnerability in multiple versions of Jira Service Management Server and Data Center.

The vulnerability could allow an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances:

• Write access to the User Directory is enabled.

• Outgoing email on Jira Service Management is enabled.

Jira Service Management Server and Data Center Authentication Vulnerability (CVE-2023-22501):

• CVSS: 9.4

• Attack Vector: Network

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: None

• Consequences: Gain Access

Affected versions:

• 5.3.0, 5.3.1, 5.3.2

• 5.4.0, 5.4.1

• 5.5.0

Vulnerabilities

• CVE-2023-22501

Mitigations

Enterprises should deploy this patch as soon as the testing phase is completed.

Atlassian Security Advisory

References