A major security flaw has been discovered in Atlassian's Jira Service Management Server and Data Center that could allow an unauthenticated attacker to impersonate other users and gain remote access to the system. The vulnerability, tracked as CVE-2023-22501, has a critical severity score of 9.4 and affects versions 5.3.0 through 5.5.0. It is particularly dangerous for bot accounts, since they are more likely to be included in Jira issues or requests, or to receive emails containing a View Request link, which is necessary for acquiring signup tokens. Atlassian has released updates to address the issue and recommends that admins upgrade to version 5.3.3, 5.4.2, 5.5.1, or 5.6.0 or later. Additionally, Atlassian suggests that admins check which accounts have changed their passwords and logged in since the previous version was installed, as this could indicate unauthorized access. If a breach is detected, the recommendation is to immediately shut down the compromised server and disconnect it from the network.
This news item was published on www.bleepingcomputer.com. Publication date: Fri, 03 Feb 2023 15:12:02 +0000