Atlassian has revealed it has fixed a major flaw in its Jira Service Management Server and Data Center products.
The vulnerability, tracked as CVE-2023-22501, allows threat actors to impersonate people and gain access to a Jira Service Management instance under certain circumstances. It has been given a severity score of 9.4, making it a critical flaw.
“With write access to a user directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to sign-up tokens sent to users with accounts that have never been logged into,” Atlassian noted in its description of the vulnerability.
The company explained that a threat actor might be able to get the tokens either by being included on Jira issues or requests with these users, or by otherwise obtaining an email containing a “View Request” link.
“Bot accounts are particularly susceptible to this scenario,” Atlassian further explained. “On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their account.”
These are the Jira Service Management versions vulnerable to the flaw: 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, and 5.5.0. The fix is available in versions 5.3.3, 5.4.2, 5.5.1, or 5.6.0, so make sure to upgrade any affected instance to one of these.
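The following triage sketch is an added example, not code from Atlassian or from the original article. It checks an instance's version against the affected list above and, when outgoing email is enabled, lists the never-logged-in accounts whose sign-up tokens are at risk. The record fields, sample accounts and the pairing of each affected release with the fix on its own release line are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Affected releases exactly as listed in the article.
AFFECTED = {(5, 3, 0), (5, 3, 1), (5, 3, 2), (5, 4, 0), (5, 4, 1), (5, 5, 0)}
# Assumption: each affected release is upgraded to the fix on its own release line.
FIXED_BY_LINE = {(5, 3): "5.3.3", (5, 4): "5.4.2", (5, 5): "5.5.1"}


def parse_version(text):
    """Turn '5.4.1' into (5, 4, 1); reject anything that is not three integers."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def upgrade_target(version_text):
    """Return the fixed version for an affected release, or None if not affected."""
    version = parse_version(version_text)
    if version not in AFFECTED:
        return None
    return FIXED_BY_LINE[version[:2]]


@dataclass
class Account:  # hypothetical record shape, not a Jira export format
    name: str
    last_login: Optional[str]  # None means the account has never been logged into
    is_bot: bool = False


def exposed_accounts(version_text, outgoing_mail_enabled, accounts):
    """Names of never-logged-in accounts on an affected instance, bots first.

    The attacker-side precondition (write access to a user directory) cannot be
    read from an inventory, so it is not modelled here.
    """
    if upgrade_target(version_text) is None or not outgoing_mail_enabled:
        return []
    at_risk = [a for a in accounts if a.last_login is None]
    return [a.name for a in sorted(at_risk, key=lambda a: (not a.is_bot, a.name))]


# Constructed sample inventory for illustration.
SAMPLE = [
    Account("svc-monitoring", None, is_bot=True),
    Account("alice", "2023-01-10"),
    Account("new.customer", None),
    Account("build-bot", "2022-12-01", is_bot=True),
]
```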
Atlassian products seem to be a popular target among cybercriminals. In October last year, the US Cybersecurity and Infrastructure Security Agency (CISA) noted that a high-severity flaw found in two widely used Atlassian Bitbucket tools, the server and data center, was being actively exploited in the wild.
Before that, in July, it was reported that Jira, Confluence, and Bamboo were vulnerable to CVE-2022-26136, an arbitrary Servlet Filter bypass that allowed threat actors to bypass custom Servlet Filters that third-party apps use for authentication. The flaw was deemed severe.