Advisory February 3, 2023

Jira Service Management Server and Data Center Advisory (CVE-2023-22501)

The Obrela SOC Team

Atlassian has rolled out fixes to remediate a critical authentication-bypass vulnerability affecting Jira Service Management Server and Data Center.

The flaw, tracked as CVE-2023-22501 (CVSS score of 9.4), was caused by improper authentication validation. By sending a specially crafted request, an attacker could exploit this vulnerability to impersonate another user and gain access to a Jira Service Management instance.

“An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances. With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into,” the company claimed.

Jira Service Management Server and Data Center versions 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, and 5.5.0 are impacted by the CVE-2023-22501 flaw, with fixes available in versions 5.3.3, 5.4.2, 5.5.1, 5.6.0 or later. Alternatively, users can manually upgrade the version-specific servicedesk-variable-substitution-plugin JAR file as a temporary workaround.
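The following triage helper, an added example that is not Atlassian's or Obrela's tooling, classifies installed Jira Service Management versions against the affected and fixed versions listed above, so a fleet inventory can be checked in one pass. The inventory strings and the NOT_LISTED status for versions the advisory does not name are assumptions of this example.

```python
"""Classify Jira Service Management Server/DC versions against CVE-2023-22501.

Added example for this advisory, not vendor code. Version data is taken from
the advisory text; versions outside the listed ranges are reported as
NOT_LISTED rather than guessed.
"""
from typing import Tuple

# Affected versions exactly as stated in the advisory.
AFFECTED = {(5, 3, 0), (5, 3, 1), (5, 3, 2), (5, 4, 0), (5, 4, 1), (5, 5, 0)}
# First fixed release per minor branch, as stated in the advisory.
FIXED_IN = {(5, 3): (5, 3, 3), (5, 4): (5, 4, 2), (5, 5): (5, 5, 1)}
LATEST_FIXED_BRANCH = (5, 6, 0)  # 5.6.0 or later is also fixed


def fmt(v: Tuple[int, int, int]) -> str:
    return ".".join(str(n) for n in v)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '5.4.1' (optionally with a suffix such as '-SNAPSHOT') into a tuple."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(text: str) -> Tuple[str, str]:
    """Return (status, recommendation) for one installed version.

    status is AFFECTED, FIXED or NOT_LISTED (not in any range the advisory
    names, e.g. a 5.2.x release, so no conclusion is drawn here).
    """
    v = parse_version(text)
    branch = v[:2]
    if v in AFFECTED:
        target = FIXED_IN[branch]
        return "AFFECTED", f"upgrade to {fmt(target)} or {fmt(LATEST_FIXED_BRANCH)}+"
    if (branch in FIXED_IN and v >= FIXED_IN[branch]) or v >= LATEST_FIXED_BRANCH:
        return "FIXED", "no action for CVE-2023-22501"
    return "NOT_LISTED", "version not covered by the advisory; check vendor guidance"


if __name__ == "__main__":
    # Constructed inventory for demonstration only.
    for inst in ["5.3.1", "5.4.2", "5.5.0", "5.6.0", "5.2.4", "5.4.1-SNAPSHOT"]:
        status, advice = assess(inst)
        print(f"{inst:16} {status:10} {advice}")
```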

Instances on the Atlassian Cloud remain unaffected.

While Atlassian has pointed out that there is no evidence of active exploitation of the flaw, users can look for indicators of compromise by investigating their instances for potential unauthorized access.

The Threat Hunting and SOC teams of OBRELA remain vigilant and continue to monitor the activity.

References:

https://securityonline.info/cve-2023-22501-critical-flaw-in-atlassian-jira-service-management-server-and-data-center/

https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-2023-02-01-1188786458.html