Fixing a Major Security Issue in Jira Service Management Server and Data Center

This week, a major security vulnerability was fixed in Jira Service Management Server, a popular IT services management platform for enterprises. This vulnerability could have allowed attackers to impersonate users and gain access to access tokens. If the system was configured to allow public sign-up, external customers could have been affected as well. The bug was present in versions 5.3.0 to 5.3.1 and 5.4.0 to 5.5.0 of Jira Service Management Server and Data Center. Atlassian has released fixed versions of the software, as well as a workaround that involves updating a single JAR file in impacted deployments. The vulnerability, tracked as CVE-2023-22501, is classified as a broken authentication issue and is rated as critical severity according to Atlassian's severity scale. If an attacker has write access to a User Directory and outgoing email is enabled on a Jira Service Management instance, they can gain access to signup tokens sent to users with accounts that have never been logged into. These tokens can be obtained if the attacker is included on Jira issues or requests with these users, or if the attacker is forwarded or otherwise gains access to emails containing a View Request link from these users. Bot accounts that were created to work with Jira Service Management are particularly vulnerable to this scenario. Even if the flaw does not affect users synced via read-only User Directories or SSO, users who interact with the instance via email are still affected even when SSO is enabled. Atlassian recommends that companies who do not expose Jira Service Management publicly should still update to a fixed version as soon as possible. If they cannot upgrade the whole system, they should download the fixed servicedesk-variable-substitution-plugin JAR for their particular version, stop Jira, copy the file in the /plugins/installed-plugins directory and then start Jira again. If it is determined that a Jira Service Management Server/DC instance has been compromised, it is advised to immediately shut down and disconnect the server from the network/internet. Additionally, any other systems which potentially share a user base or have common username/password combinations with the compromised system should be shut down. This week, a critical security vulnerability was fixed in Jira Service Management Server, a popular IT services management platform for enterprises. This bug could have allowed attackers to impersonate users and gain access to access tokens, potentially affecting external customers if the system was configured to allow public sign-up. Versions 5.3.0 to 5.3.1 and 5.4.0 to 5.5.0 of Jira Service Management Server and Data Center were affected. Atlassian has released fixed versions of the software, as well as a workaround that involves updating a single JAR file in impacted deployments. The vulnerability, tracked as CVE-2023-22501, is classified as a broken authentication issue and is rated as critical severity according to Atlassian's severity scale. If an attacker has write access to a User Directory and outgoing email is enabled on a Jira Service Management instance, they can gain access to signup tokens sent to users with accounts that have never been logged into. These tokens can be obtained if the attacker is included on Jira issues or requests with these users, or if the attacker is forwarded or otherwise gains access to emails containing a View Request link from these users. Bot accounts that were created to work with Jira Service Management are particularly vulnerable to this scenario. Even if the flaw does not affect users synced via read-only User Directories or SSO, users who interact with the instance via email are still affected even when SSO is enabled. Atlassian recommends that companies who do not expose Jira Service Management publicly should still update to a fixed version as soon as possible. If they cannot upgrade the whole system, they should download the fixed servicedesk-variable-substitution-plugin JAR for their particular version, stop Jira, copy the file in the /plugins/installed-plugins directory and then start Jira again. If it is determined that a Jira Service Management Server/DC instance has been compromised, it is advised to immediately shut down and disconnect the server from the network/internet, as well as any other systems which potentially share a user base or have common username/password combinations with the compromised system. Companies should also search the database for users with the com. Usertokendeletetask.completed property set to TRUE since the vulnerable version has been installed, verify that they have the correct email addresses, and force a password reset for all potentially affected users.

This Cyber News was published on www.csoonline.com. Publication date: Fri, 03 Feb 2023 21:22:02 +0000


Cyber News related to Fixing a Major Security Issue in Jira Service Management Server and Data Center

Fixing a Major Security Issue in Jira Service Management Server and Data Center - This week, a major security vulnerability was fixed in Jira Service Management Server, a popular IT services management platform for enterprises. This vulnerability could have allowed attackers to impersonate users and gain access to access tokens. ...
1 year ago Csoonline.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 week ago Aws.amazon.com
CVE-2020-36239 - Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 ...
2 years ago
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
10 months ago Esecurityplanet.com
What Is Cloud Security Management? Types & Strategies - Cloud security management is the process of safeguarding cloud data and operations from attacks and vulnerabilities through a set of cloud strategies, tools, and practices. The cloud security manager and the IT team are generally responsible for ...
4 months ago Esecurityplanet.com
Unified Endpoint Management: What is it and What's New? - What began as Mobile Device Management has now transitioned through Mobile Application Management and Enterprise Mobility Management to culminate in UEM. This progression underscores the industry's response to the ever-growing challenges of modern IT ...
9 months ago Securityboulevard.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
1 week ago Helpnetsecurity.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
10 months ago Microsoft.com
Atlassian Alerts of Major Security Issue with Jira Service Management - This week, Atlassian warned of a critical-severity authentication vulnerability in Jira Service Management Server and Data Center that could allow malicious actors to impersonate Jira users. If an attacker has write access to a User Directory and ...
1 year ago Securityweek.com
Building Data Center Infrastructure for the AI Revolution  - This is part two of a multi-part blog series on AI. Part one, Why 2024 is the Year of AI for Networking, discussed Cisco's AI networking vision and strategy. This blog will focus on evolving data center network infrastructure for supporting AI/ML ...
6 months ago Feedpress.me
10 Best Security Service Edge Solutions - Security Service Edge is an idea in cybersecurity that shows how network security has changed over time. With a focus on customized solutions, Security Service Edge Solutions leverages its expertise in multiple programming languages, frameworks, and ...
8 months ago Cybersecuritynews.com
CVE-2024-21685 - This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. ...
3 months ago
2024 brings changes in data security strategies - 2024 will be a revolutionary year for the data security landscape as Data Security Posture Management technology rapidly evolves to keep pace with the colossal amount of data being created, stored and shared within organizations and across business ...
10 months ago Helpnetsecurity.com
McCaffrey Joins 'ASTORS' Champion SIMS Software Board of Advisors - SIMS Software, the leading provider of security information management software to the government and defense industries - and the 2023 Platinum 'ASTORS' Award Champion for Best Security Workforce Management Solution, is delighted to announce that ...
8 months ago Americansecuritytoday.com
IaaS vs PaaS vs SaaS Security: Which Is Most Secure? - Security concerns include data protection, network security, identity and access management, and physical security. While IaaS gives complete control and accountability, PaaS strikes a compromise between control and simplicity, and SaaS provides a ...
9 months ago Esecurityplanet.com
Aim for a modern data security approach - Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Why current data ...
10 months ago Helpnetsecurity.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
7 months ago Esecurityplanet.com
New Microsoft Purview features use AI to help secure and govern all your data - More than 90% of organizations use multiple cloud infrastructures, platforms, and services to run their business, adding complexity to securing all data.1Microsoft Purview can help you secure and govern your entire data estate in this complex and ...
10 months ago Microsoft.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
9 months ago Feeds.dzone.com
Building a Sustainable Data Ecosystem - Finally, I outline future research and policy refinement directions, advocating for a collaborative and responsible approach to building a sustainable data ecosystem in generative AI. In recent years, generative AI has emerged as a transformative ...
6 months ago Feeds.dzone.com
How Data Fabric Architecture Helps Enhance Security Governance - Essentially, data fabric is an approach to managing and integrating data, aimed at enabling access to information across the enterprise in a versatile, iterable, and augmented way. The data fabric concept can translate into an architecture that ...
5 months ago Cybersecurity-insiders.com
DevSecOps: Shifting Security to the Left - This blog explains how Shifting Security to the Left introduces security in the early stages of the DevOps Lifecycle, thus fixing software bugs proactively. Throughout this process, it feels like security has been left behind a little. 'Shifting ...
10 months ago Feeds.dzone.com
Localization Mandates, AI Regs to Pose Major Data Challenges in 2024 - Companies should expect to face a trio of trends in 2024 that make data security, protection, and compliance more critical to operations and risk reduction. Increasingly, governments worldwide are creating laws that govern the handling of data within ...
9 months ago Darkreading.com
What Is a SaaS Security Checklist? Tips & Free Template - SaaS security checklists are frameworks for protecting data and applications in cloud-based environments. These checklists include security standards and best practices for SaaS and cloud applications, and B2B SaaS providers use them to guarantee ...
6 months ago Esecurityplanet.com
Normalizing Security Culture: Stay Ready - While it may seem like self-promotion or extraneous work, it’s extremely valuable to take the extra time to summarize threats stopped, processes improved, projects completed and team members modeling strong security behavior. Most people don't ...
1 week ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)