CyberSecurityBoard
Sponsor Register Login

Atlassians Jira Software Discovered to Have a Severe Authentication Security Issue

Atlassian has identified and released fixes for a critical security vulnerability in Jira Service Management Server and Data Center. This vulnerability, tracked as CVE-2023-22501, is a case of broken authentication with low attack complexity. It allows an attacker to impersonate another user and gain unauthorized access to a Jira Service Management instance. This vulnerability was introduced in version 5.3.0 and affects all subsequent versions. Fixes have been made available in versions 5.3.3, 5.3.3, 5.5.1, and 5.6.0 or later. The vulnerability can be exploited if write access to a User Directory and outgoing email are enabled on a Jira Service Management instance. The attacker can gain access to signup tokens sent to users with accounts that have never been logged into. Jira sites hosted on the cloud via an atlassian[. Net domain are not affected by the flaw and no action is required in this case. It is important for users to upgrade their installations to the latest versions to protect against potential threats.

This Cyber News was published on thehackernews.com. Publication date: Fri, 03 Feb 2023 12:47:02 +0000


Cyber News related to Atlassians Jira Software Discovered to Have a Severe Authentication Security Issue

Fixing a Major Security Issue in Jira Service Management Server and Data Center - This week, a major security vulnerability was fixed in Jira Service Management Server, a popular IT services management platform for enterprises. This vulnerability could have allowed attackers to impersonate users and gain access to access tokens. ...
2 years ago Csoonline.com
Atlassians Jira Software Discovered to Have a Severe Authentication Security Issue - Atlassian has identified and released fixes for a critical security vulnerability in Jira Service Management Server and Data Center. This vulnerability, tracked as CVE-2023-22501, is a case of broken authentication with low attack complexity. It ...
2 years ago Thehackernews.com
Atlassian warns of 4 new critical vulnerabilities affecting Jira, Confluence, Bitbucket - Atlassian Jira, Confluence, Bitbucket and macOS Companion app users are warned to update their software immediately due to four critical vulnerabilities allowing for remote code execution. Atlassian, an Australian software company, has more than ...
1 year ago Packetstormsecurity.com
CVE-2020-36239 - Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 ...
2 years ago
Passwordless Login: Effortless Authentication - Let's explore how passwordless login paves the way for seamless and secure user authentication, fostering trust and loyalty. The Password Dilemma Though conventional complex password-based authentication has long been a cornerstone of robust ...
11 months ago Feeds.dzone.com
McCaffrey Joins 'ASTORS' Champion SIMS Software Board of Advisors - SIMS Software, the leading provider of security information management software to the government and defense industries - and the 2023 Platinum 'ASTORS' Award Champion for Best Security Workforce Management Solution, is delighted to announce that ...
1 year ago Americansecuritytoday.com
What Is Kerberos Authentication?: Implementing Effective Security Protocols - Kerberos is a vital security protocol that any serious computer user must be familiar with. It is an open standard that provides a secure way of verifying the identity of user across multiple systems. The Kerberos authentication protocol is a ...
2 years ago Heimdalsecurity.com
What Is Software Piracy? - Software piracy has become a worldwide issue, with China, the United States and India being the top three offenders. In 2022, 6.2% of people worldwide visited software piracy websites. Software piracy doesn't require a hacker or skilled coder. Any ...
1 year ago Pandasecurity.com
Atlassian Alerts of Major Security Issue with Jira Service Management - This week, Atlassian warned of a critical-severity authentication vulnerability in Jira Service Management Server and Data Center that could allow malicious actors to impersonate Jira users. If an attacker has write access to a User Directory and ...
2 years ago Securityweek.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
1 year ago Feeds.dzone.com
Mastering SDLC Security: Best Practices, DevSecOps, and Threat Modeling - In the ever-evolving landscape of software development, it's become absolutely paramount to ensure robust security measures throughout the Software Development Lifecycle. Each of these have illuminated different vulnerabilities that can be exploited ...
1 year ago Securityboulevard.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
4 months ago Helpnetsecurity.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
How to Use Context-Based Authentication to Improve Security - One of the biggest security weak points for organizations involves their authentication processes. Context-based authentication offers an important tool in the battle against credential stuffing, man-in-the-middle attacks, MFA prompt bombing, and ...
1 year ago Securityboulevard.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
11 months ago Esecurityplanet.com
Biometric Authentication in Business: Enhancing Security - With its high level of security, convenience, user-friendliness, and accuracy, biometric authentication is paving the way for the future of secure authentication in the business world. One of the primary advantages of implementing biometric ...
1 year ago Securityzap.com
DevSecOps: Definition, Benefits and Best Practices - DevSecOps is an approach that focuses on the alignment of the three core pillars of DevOps — Development, Operations, and Security. It’s a combination of processes, tools and practices designed to enable organizations to adopt innovative and ...
2 years ago Heimdalsecurity.com
Consumer Software Security Assessment: Should We Follow NHTSA's Lead? - The US National Highway Traffic Safety Administration is dedicated to its mission: "To save lives, prevent injuries, and reduce economic costs due to road traffic crashes, through education, research, safety standards, and enforcement." Is it time to ...
1 year ago Darkreading.com
The Crucial Need for a Secure Software Development Lifecycle in Today's Digital Landscape - In today's increasingly digital world, software is the backbone of business operations, from customer-facing applications to internal processes. The rapid growth of software development has also made organizations more vulnerable to security threats. ...
1 year ago Cyberdefensemagazine.com
Software Supply Chain Security Checklist - In the ever-evolving landscape of digital innovation, the integrity of software supply chains has become a pivotal cornerstone for organizational security. Software supply chain security is not just about protecting code - it's about safeguarding the ...
1 year ago Feeds.dzone.com
New Survey Finds a Paradox of Confidence in Software Supply Chain Security - Get results of and analysis on ESG's new survey on supply chain security. New research reveals that, despite increasing attacks and incidents against software supply chains, a surprising number of firms believe their defense is sufficient. This gap ...
8 months ago Securityboulevard.com
10 Best Security Service Edge Solutions - Security Service Edge is an idea in cybersecurity that shows how network security has changed over time. With a focus on customized solutions, Security Service Edge Solutions leverages its expertise in multiple programming languages, frameworks, and ...
11 months ago Cybersecuritynews.com
CVE-2012-5010 - ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, ...
1 year ago
New "MITRE ATT&CK-like" framework outlines software supply chain attack TTPs - A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack ...
2 years ago Csoonline.com
ISAs and the Dawning Hardware Security Revolution - The eternal cat-and-mouse game pitting IT security improvements against evolving attacker exploits is usually framed as an arms race of rising software sophistication. Security teams implement firewall software, antivirus protection, data encryption, ...
1 year ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)