CVE-2023-22501 (CVSS score of 9.4) was caused by an error in the authentication validation process. An attacker could send a specially crafted request to access a user’s account and gain access to a Jira Service Management instance. The vulnerability has been rated as critical by Atlassian.
In response to a critical security issue in Jira’s Data Center and Service Management Server, Atlassian has released fixes. The vulnerability could allow an attacker to access sensitive instances without being detected.
About CVE-2023-22501
The vulnerability, found in Jira’s Data Center and Service Management Server, allows an attacker to access a Jira Service Management instance by impersonating a user under certain circumstances.
With write access to the user directory and outgoing email enabled on a Jira Service Management instance, an attacker can obtain the signup tokens that Jira sends to users who have not logged in. The attacker can get hold of these tokens in two ways:
- If the attacker is included on Jira issues or requests with these users, or
- If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users.
Bot accounts are especially exposed to this vulnerability. External customer accounts may also be affected in projects that allow anyone to create their own account using single sign-on.
What versions are affected?
The vulnerability affects the following versions of Jira used for data center and service management.
- 5.3.0
- 5.3.1
- 5.3.2
- 5.4.0
- 5.4.1
- 5.5.0
Fixed versions released:
- 5.3.3
- 5.4.2
- 5.5.1
- 5.6.0
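To check an inventory against the two version lists above, the following added example (not code from Atlassian or from this page) classifies each instance and names the lowest listed fixed release to upgrade to. The host names and the inventory format are constructed for illustration; versions on neither list are reported as not-listed because this page says nothing about them.

```python
import re

# Version lists copied from this page.
AFFECTED = {"5.3.0", "5.3.1", "5.3.2", "5.4.0", "5.4.1", "5.5.0"}
FIXED = {"5.3.3", "5.4.2", "5.5.1", "5.6.0"}

# Constructed sample inventory: "<host> <Jira Service Management version>".
SAMPLE_INVENTORY = """\
jsm-prod.example.internal 5.4.1
jsm-dr.example.internal 5.3.3
jsm-test.example.internal v5.5.0
jsm-lab.example.internal 5.2.1
jsm-old.example.internal unknown
"""

def parse(version):
    """Return (major, minor, patch), or None if the string is not x.y.z."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def upgrade_target(v):
    """Lowest fixed release on the page newer than v, same release line first."""
    newer = sorted(f for f in map(parse, FIXED) if f > v)
    same_line = [f for f in newer if f[:2] == v[:2]]
    return ".".join(map(str, (same_line or newer)[0]))

def triage(inventory):
    """Classify each host as affected, fixed, not-listed or unparsed."""
    results = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, raw = line.strip().partition(" ")
        v = parse(raw)
        if v is None:
            results.append((host, "unparsed", None))
            continue
        norm = ".".join(map(str, v))
        if norm in AFFECTED:
            results.append((host, "affected", upgrade_target(v)))
        elif norm in FIXED:
            results.append((host, "fixed", None))
        else:
            # Not on either list: the page says nothing about this version.
            results.append((host, "not-listed", None))
    return results

if __name__ == "__main__":
    for host, status, target in triage(SAMPLE_INVENTORY):
        print(f"{host:28} {status:10} {'upgrade to ' + target if target else ''}")
```
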
Steps to remediate the vulnerability
The recommended method to resolve this vulnerability is to update Jira Service Management to a fixed version. This will fix it and prevent it from getting exploited. If you’re not able to upgrade immediately, consider using the temporary fix in the servicedesk-variable-substitution-plugin JAR file as an alternative.
To update the servicedesk-variable-substitution-plugin JAR file:
- Download the version-specific JAR file from the table above.
- Stop Jira.
- Copy the JAR file into your Jira home directory.
  - For Server: <Jira_Home>/plugins/installed-plugins
  - For Data Center: <Jira_Shared>/plugins/installed-plugins
- Start Jira.
How does SentinelOne help you stay ahead of such vulnerabilities?
Detect hidden and unknown cyber security threats and address the most critical security issues in your cloud environment. With SentinelOne by your side, you will achieve comprehensive cloud-native coverage and get both agent-based and agentless vulnerability protection. Quickly respond to and mitigate these threats, manage security from one multi-cloud console, and get powerful cloud forensics and reporting tools.
SentinelOne is adept at identifying vulnerabilities, simplifies runtime detection, and secures Kubernetes clusters for maximum visibility, security, and agility. It scans containerized workloads and checks for vulnerable components within your cloud infrastructure. SentinelOne helps organizations assess and prioritize security risks in real-time. It uses an Offensive Security engine and simulates zero-day attacks to discover exploits and stay ahead of attackers, thus helping organizations boost their overall cloud security posture in innovative ways.