CyberSecurityBoard
Sponsor Register Login

Atlassian Resolves Major Issue Allowing Access to Jira Service Management

A major security flaw has been discovered in Atlassian's Jira Service Management Server and Data Center, which could allow an unauthorized user to pretend to be someone else and gain remote access to the system. The vulnerability, tracked as CVE-2023-22501, has a critical severity score of 9.4 and affects versions 5.3.0 to 5.5.0. It is particularly dangerous for bot accounts, as they are more likely to be included in Jira issues or requests or receive emails with a View Request link, which is necessary for acquiring signup tokens. Atlassian has released updates to fix the issue and recommends admins upgrade to versions 5.3.3, 5.4.2, 5.5.1, and 5.6.0 or later. They have also provided a workaround in the form of a JAR file. After applying the update or the JAR file, admins should check which accounts have changed their passwords and logged in since the previous version, as this could indicate unauthorized access. If a breach is detected, the server should be shut down and disconnected from the network to limit the damage.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 03 Feb 2023 14:33:02 +0000


Cyber News related to Atlassian Resolves Major Issue Allowing Access to Jira Service Management

Fixing a Major Security Issue in Jira Service Management Server and Data Center - This week, a major security vulnerability was fixed in Jira Service Management Server, a popular IT services management platform for enterprises. This vulnerability could have allowed attackers to impersonate users and gain access to access tokens. ...
2 years ago Csoonline.com CVE-2023-22501
Atlassian warns of 4 new critical vulnerabilities affecting Jira, Confluence, Bitbucket - Atlassian Jira, Confluence, Bitbucket and macOS Companion app users are warned to update their software immediately due to four critical vulnerabilities allowing for remote code execution. Atlassian, an Australian software company, has more than ...
1 year ago Packetstormsecurity.com CVE-2023-22518 CVE-2023-22522 CVE-2023-22523
Jira Down: Atlassian users experiencing degraded performance - Atlassian users are experiencing degraded performance amid an 'active incident' affecting multiple Jira products since morning hours today. Similar status updates have been issued for Atlassian offerings like Jira Service Management, Jira ...
5 months ago Bleepingcomputer.com
CVE-2025-22157 - This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: ...
4 months ago
Atlassian Alerts of Major Security Issue with Jira Service Management - This week, Atlassian warned of a critical-severity authentication vulnerability in Jira Service Management Server and Data Center that could allow malicious actors to impersonate Jira users. If an attacker has write access to a User Directory and ...
2 years ago Securityweek.com
Jira Down - Atlassian Jira Outage Disrupts Dashboard Access for Users Globally - Atlassian, the company behind Jira, a leading project management and issue-tracking platform, is grappling with a significant service disruption that has left users unable to load certain Dashboard widgets. According to Atlassian’s incident report, ...
5 months ago Cybersecuritynews.com
Atlassian warns of exploit for Confluence data wiping bug, get patching - Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances. Tracked as CVE-2023-22518, this is an improper ...
1 year ago Bleepingcomputer.com CVE-2023-22518 CVE-2023-22515
20 Best Inventory Management Tools in 2025 - inFlow Inventory is a comprehensive inventory management tool designed for small to medium-sized businesses, offering features like real-time stock tracking, order management, and barcode scanning to streamline operations. The tool provides advanced ...
2 months ago Cybersecuritynews.com
Critical Atlassian Confluence bug exploited in Cerber ransomware attacks - Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber ransomware. Described by Atlassian as an improper authorization vulnerability and tracked as ...
1 year ago Bleepingcomputer.com CVE-2023-22518 CVE-2023-22515 Trigona
CVE-2020-36239 - Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 ...
3 years ago
CVE-2022-26137 - A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security ...
1 year ago
CVE-2022-26136 - A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This ...
1 year ago
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
3 months ago Cybersecuritynews.com
Atlassian warns of critical RCE flaw in older Confluence versions - Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. The flaw is tracked as CVE-2023-22527, ...
1 year ago Bleepingcomputer.com CVE-2023-22527
Atlassian Patches Critical Remote Code Execution Vulnerabilities - Business software maker Atlassian this week announced updates that address critical-severity remote code execution vulnerabilities in Confluence and other products. Atlassian, which rates the vulnerability with a CVSS score of 9.0, notes that an ...
1 year ago Securityweek.com CVE-2023-22524 CVE-2023-22523 CVE-2022-1471
Atlassian Resolves Major Issue Allowing Access to Jira Service Management - A major security flaw has been discovered in Atlassian's Jira Service Management Server and Data Center, which could allow an unauthorized user to pretend to be someone else and gain remote access to the system. The vulnerability, tracked as ...
2 years ago Bleepingcomputer.com CVE-2023-22501
Atlassian patches critical RCE flaws across multiple products - Atlassian has published security advisories for four critical remote code execution vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS. All security issues addressed received a critical-severity ...
1 year ago Bleepingcomputer.com CVE-2023-22522 CVE-2023-22524 CVE-2022-1471 CVE-2023-22523
Unified Endpoint Management: What is it and What's New? - What began as Mobile Device Management has now transitioned through Mobile Application Management and Enterprise Mobility Management to culminate in UEM. This progression underscores the industry's response to the ever-growing challenges of modern IT ...
1 year ago Securityboulevard.com
Atlassian Patches RCE Flaw that Affected Multiple Products - Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in multiple products. The CVEs for these vulnerabilities have been assigned as CVE-2023-22522, CVE-2023-22523, CVE-2023-22524, and CVE-2022-1471. ...
1 year ago Gbhackers.com CVE-2023-22522 CVE-2023-22523 CVE-2023-22524 CVE-2022-1471
Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers - Cybersecurity researchers have discovered a stealthy backdoor named Effluence that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a ...
1 year ago Thehackernews.com CVE-2023-22515 CVE-2023-22518
Atlassians Jira Software Discovered to Have a Severe Authentication Security Issue - Atlassian has identified and released fixes for a critical security vulnerability in Jira Service Management Server and Data Center. This vulnerability, tracked as CVE-2023-22501, is a case of broken authentication with low attack complexity. It ...
2 years ago Thehackernews.com CVE-2023-22501
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
6 months ago Cybersecuritynews.com
Cloudflare publishes details of Thanksgiving security breach The Register - Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October. In a write-up on Thursday, CEO Matthew Prince, CTO John ...
1 year ago Go.theregister.com
Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps - It's time to patch again: Four critical security vulnerabilities in Atlassian software open the door to remote code execution and subsequent lateral movement within enterprise environments. They are just the latest bugs to surface of late in the ...
1 year ago Darkreading.com CVE-2022-1471 CVE-2023-22522 CVE-2023-22524
Atlassian Confluence Server RCE attacks underway The Register - More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527 - a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server - according to non-profit security org Shadowserver. Atlassian ...
1 year ago Go.theregister.com CVE-2023-22527

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)