Broken Authentication vulnerability in Jira Service Management

Atlassian has fixed a critical security flaw in Jira Service Management Server and Data Center. An attacker could exploit it to impersonate another user and gain unauthorized access to vulnerable instances.

The flaw is tracked as CVE-2023-22501 (CVSS score: 9.4) and is described as a case of broken authentication with a simple attack vector.

“An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances,” Atlassian said.

Affected versions

Jira Service Management Server and Data Center 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, 5.5.0

Impact

With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases:

  • If the attacker is included on Jira issues or requests with these users, or
  • If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users.

Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.

Remediation

Atlassian has released fixed versions, and administrators are advised to upgrade to 5.3.3, 5.4.2, 5.5.1 or 5.6.0 or later.

If the upgrade cannot be installed right away, the vendor also offers a workaround: a version-specific JAR file that manually updates the “servicedesk-variable-substitution-plugin”, installed as follows:

  1. Download the version-specific JAR file from here
  2. Stop Jira.
  3. Copy the JAR file into your Jira home directory.
    1. For Server: <Jira_Home>/plugins/installed-plugins
    2. For Data Center: <Jira_Shared>/plugins/installed-plugins
  4. Start Jira again.
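
The manual plugin update above, as an added helper script that is not Atlassian's own tooling: it stages the vendor-supplied JAR into the installed-plugins directory of the home directory you pass (Jira home for Server, shared home for Data Center), refuses JARs that do not match the plugin's name, and moves any older copy of the plugin aside first so only the fixed build is loaded when Jira starts. It assumes Jira is already stopped (step 2) and that the vendor JAR's file name starts with `servicedesk-variable-substitution-plugin` (an assumption, not stated on the page).

```shell
#!/bin/sh
# Added example, not part of the Atlassian advisory.
# Usage: stage_plugin_jar <path-to-vendor.jar> <jira-home-or-shared-home> <backup-dir>
# Run this between stopping Jira (step 2) and starting it again (step 4).
stage_plugin_jar() {
    jar="$1"; home="$2"; backup="$3"
    plugins="$home/plugins/installed-plugins"

    # Only accept the plugin named in the advisory. The file-name prefix is an
    # assumption about how the vendor JAR is named; adjust if yours differs.
    case "$(basename "$jar")" in
        servicedesk-variable-substitution-plugin*.jar) ;;
        *) echo "refusing: $jar is not a servicedesk-variable-substitution-plugin JAR" >&2
           return 1 ;;
    esac
    [ -f "$jar" ] || { echo "missing JAR: $jar" >&2; return 1; }
    [ -d "$plugins" ] || { echo "no installed-plugins directory under $home" >&2; return 1; }

    # Move any existing copy of the plugin into the backup directory so that the
    # vulnerable build cannot be loaded alongside the fixed one.
    mkdir -p "$backup" || return 1
    for old in "$plugins"/servicedesk-variable-substitution-plugin*.jar; do
        [ -e "$old" ] || continue   # glob did not match anything
        mv "$old" "$backup/" || return 1
    done

    cp "$jar" "$plugins/" || return 1
    echo "installed $(basename "$jar") into $plugins (previous copies in $backup)"
}
```

Keep the backup directory outside the plugins tree; anything left under installed-plugins is picked up by Jira on the next start.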

Source

https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-cve-2023-22501-1188786458.html

https://www.bleepingcomputer.com/news/security/atlassian-warns-of-critical-jira-service-management-auth-flaw/

https://thehackernews.com/2023/02/atlassians-jira-software-found.html
