CyberSecurityBoard
Sponsor Register Login

Atlassian Alerts of Major Security Issue with Jira Service Management

This week, Atlassian warned of a critical-severity authentication vulnerability in Jira Service Management Server and Data Center that could allow malicious actors to impersonate Jira users. If an attacker has write access to a User Directory and outgoing email is enabled on a Jira Service Management instance, they can gain access to signup tokens sent to users with accounts that have never been logged into. This can be done by obtaining tokens included in Jira issues or requests with these users, or by obtaining emails containing View Request links from these users. Bot accounts and external customer accounts on instances with single sign-on may also be affected if account creation is open to anyone. Patches for this vulnerability have been released in Jira Service Management Server and Data Center versions 5.3.3, 5.4.2, 5.5.1, and 5.6.0, and users are encouraged to update their Jira installations as soon as possible. This vulnerability does not affect Jira sites hosted by Atlassian and accessed via an atlassian.net domain.

This Cyber News was published on www.securityweek.com. Publication date: Fri, 03 Feb 2023 16:55:03 +0000


Cyber News related to Atlassian Alerts of Major Security Issue with Jira Service Management

Fixing a Major Security Issue in Jira Service Management Server and Data Center - This week, a major security vulnerability was fixed in Jira Service Management Server, a popular IT services management platform for enterprises. This vulnerability could have allowed attackers to impersonate users and gain access to access tokens. ...
2 years ago Csoonline.com CVE-2023-22501
Atlassian warns of 4 new critical vulnerabilities affecting Jira, Confluence, Bitbucket - Atlassian Jira, Confluence, Bitbucket and macOS Companion app users are warned to update their software immediately due to four critical vulnerabilities allowing for remote code execution. Atlassian, an Australian software company, has more than ...
1 year ago Packetstormsecurity.com CVE-2023-22518 CVE-2023-22522 CVE-2023-22523
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
3 months ago Cybersecuritynews.com
Jira Down: Atlassian users experiencing degraded performance - Atlassian users are experiencing degraded performance amid an 'active incident' affecting multiple Jira products since morning hours today. Similar status updates have been issued for Atlassian offerings like Jira Service Management, Jira ...
5 months ago Bleepingcomputer.com
CVE-2025-22157 - This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: ...
4 months ago
How To Prioritize Threat Intelligence Alerts In A High-Volume SOC - This article explores practical strategies and frameworks for prioritizing threat intelligence alerts in high-volume SOC environments, helping security teams focus on what matters most while reducing alert fatigue and improving overall security ...
5 months ago Cybersecuritynews.com
Atlassian Alerts of Major Security Issue with Jira Service Management - This week, Atlassian warned of a critical-severity authentication vulnerability in Jira Service Management Server and Data Center that could allow malicious actors to impersonate Jira users. If an attacker has write access to a User Directory and ...
2 years ago Securityweek.com
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
6 months ago Cybersecuritynews.com
Atlassian warns of exploit for Confluence data wiping bug, get patching - Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances. Tracked as CVE-2023-22518, this is an improper ...
1 year ago Bleepingcomputer.com CVE-2023-22518 CVE-2023-22515
Jira Down - Atlassian Jira Outage Disrupts Dashboard Access for Users Globally - Atlassian, the company behind Jira, a leading project management and issue-tracking platform, is grappling with a significant service disruption that has left users unable to load certain Dashboard widgets. According to Atlassian’s incident report, ...
5 months ago Cybersecuritynews.com
Critical Atlassian Confluence bug exploited in Cerber ransomware attacks - Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber ransomware. Described by Atlassian as an improper authorization vulnerability and tracked as ...
1 year ago Bleepingcomputer.com CVE-2023-22518 CVE-2023-22515 Trigona
CVE-2020-36239 - Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 ...
3 years ago
15 Best Website Monitoring Tools in 2025 - What is Good ?What Could Be Better ?SolarWinds allows network, infrastructure, application, and other monitoring.SolarWinds’ security was questioned after a major breach.The platform’s interface is easy to set up and use.Basic monitoring ...
2 months ago Cybersecuritynews.com
CVE-2022-26137 - A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security ...
1 year ago
20 Best Inventory Management Tools in 2025 - inFlow Inventory is a comprehensive inventory management tool designed for small to medium-sized businesses, offering features like real-time stock tracking, order management, and barcode scanning to streamline operations. The tool provides advanced ...
2 months ago Cybersecuritynews.com
CVE-2022-26136 - A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This ...
1 year ago
How Data Ingestion Works in SOAR - SOAR tools work as consolidation platforms for security alerts and incident response. Endpoint security tools, network security tools, email systems, and other tools collect logs, run detection rules and generate alerts. SOAR then ingests those ...
1 year ago Securityboulevard.com
Atlassian Patches Critical Remote Code Execution Vulnerabilities - Business software maker Atlassian this week announced updates that address critical-severity remote code execution vulnerabilities in Confluence and other products. Atlassian, which rates the vulnerability with a CVSS score of 9.0, notes that an ...
1 year ago Securityweek.com CVE-2023-22524 CVE-2023-22523 CVE-2022-1471
15 Best Bandwidth Monitoring Tools in 2025 - By providing real-time data on network usage, bandwidth monitoring tools enable proactive management and quick resolution of issues that could impact network performance. It provides real-time monitoring of network performance, traffic analysis, and ...
2 months ago Cybersecuritynews.com
Unified Endpoint Management: What is it and What's New? - What began as Mobile Device Management has now transitioned through Mobile Application Management and Enterprise Mobility Management to culminate in UEM. This progression underscores the industry's response to the ever-growing challenges of modern IT ...
1 year ago Securityboulevard.com
15 PostgreSQL Monitoring Tools - 2025 - What is Good?What Could Be Better?Monitoring application performance, user experience, and errors.Some users find the pricing high, especially for larger environments.Continuous server, database, and infrastructure monitoring.The extensive feature ...
5 months ago Cybersecuritynews.com
Atlassian warns of critical RCE flaw in older Confluence versions - Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. The flaw is tracked as CVE-2023-22527, ...
1 year ago Bleepingcomputer.com CVE-2023-22527
Atlassian patches critical RCE flaws across multiple products - Atlassian has published security advisories for four critical remote code execution vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. All security issues addressed received a critical-severity ...
1 year ago Bleepingcomputer.com CVE-2023-22522 CVE-2023-22524 CVE-2022-1471 CVE-2023-22523
Atlassian Patches RCE Flaw that Affected Multiple Products - Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in multiple products. The CVEs for these vulnerabilities have been assigned as CVE-2023-22522, CVE-2023-22523, CVE-2023-22524, and CVE-2022-1471. ...
1 year ago Gbhackers.com CVE-2023-22522 CVE-2023-22523 CVE-2023-22524 CVE-2022-1471
What Is Cloud Security Management? Types & Strategies - Cloud security management is the process of safeguarding cloud data and operations from attacks and vulnerabilities through a set of cloud strategies, tools, and practices. The cloud security manager and the IT team are generally responsible for ...
1 year ago Esecurityplanet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)