Atlassian has released a security advisory to address a critical broken authentication vulnerability in Jira Service Management Server and Data Center (CVE-2023-22501). Under certain conditions, an attacker might use this vulnerability to impersonate another user to access a Jira Service Management instance.
Jira Service Management is designed to unlock high-velocity teams by allowing each team to give excellent service quickly, increasing work visibility, and accelerating the pace at which work is transferred between the development, IT, and business teams.
Jira Service Management Data Center is an enterprise IT Service Management Solution that allows teams to work together to meet security and compliance requirements while providing excellent customer service.
The broken authentication vulnerability in Jira Service Management Server and Data Center can be exploited under certain circumstances. The vulnerability can allow an attacker to impersonate another user and gain access to a Jira Service Management instance.
An attacker can exploit this vulnerability on a Jira Service Management instance with write access to a User Directory and outgoing email enabled. An attacker could intercept signup tokens issued to users with accounts that have never been signed into. An attacker can get access to these tokens in the two cases mentioned below:
- If the attacker has access to these users’ Jira issues or requests, or
- If emails from these users with “View Request” links are forwarded to the attacker or if the attacker somehow gets access to the emails.
Bot accounts are mainly vulnerable to this scenario. In projects where anyone can create an account, single sign-on situations may have an impact on external customer accounts.
The vulnerability affects the following versions of the Jira Service Management Server and Data Center:
Atlassian recommends its users upgrade to one of the listed fixed versions (or any later version):
- 5.6.0 or later
Please refer to the Jira Service Management Server and Data Center Advisory for more information.
Atlassian recommends a temporary workaround for the mitigation of vulnerability. Users can manually upgrade the version-specific servicedesk-variable-substitution-plugin JAR file. The jar files associated with the Jira Service Management Versions are mentioned below:
|Jira Service Management Versions||Jar files|
|5.3.0, 5.3.1, 5.3.2||servicedesk-variable-substitution-plugin-5.3.3-REL-0001.jar|