Login
Get a Demo
Become a Partner
SOCRadar® Cyber Intelligence Inc. | Atlassian Patches Jira Authentication Bypass Vulnerability
Table Of Content
Home

Resources

Blog
Apr 23, 2022
3 Mins Read

Atlassian Patches Jira Authentication Bypass Vulnerability

Atlassian has released a security advisory announcing a critical authentication bypass vulnerability in Seraph, the company’s web framework, affecting Jira products. The CVSS score of the CVE-2022-0540 vulnerability is 9.9, and it is a very high-risk level.

Which Products Does the Vulnerability Affect?

According to Atlassian’s statement, the vulnerability affects Jira Core Server, Software Data Center, Software Server, Service Management Server, and Management Data Server products.

The affected product versions are given below in the company’s advisory.

Jira Core Server, Software Server, and Software Data Center:

  • All versions before 8.13.18
  • 8.14.x
  • 8.15.x
  • 8.16.x
  • 8.17.x
  • 8.18.x
  • 8.19.x
  • 8.20.x before 8.20.6
  • 8.21.x

Jira Service Management Server and Management Server:

  • All versions before 4.13.18
  • 4.14.x
  • 4.15.x
  • 4.16.x
  • 4.17.x
  • 4.18.x
  • 4.19.x
  • 4.20.x before 4.20.6
  • 4.21.x

It is stated that the vulnerability does not affect the cloud-based Jira and Jira Service Management products.

Get the latest vulnerability news and be prepared for potential attacks by threat actors on your internet-facing assets.

Vulnerability Affects Atlassian Marketplace Apps

CVE-2022-0540 also affects “Insight – Asset Management and “Mobile Plugin” applications for Jira if the applications are installed on one of Jira or Jira Service Management versions or a vulnerable configuration is used.

How to Fix the Vulnerability?

Atlassian’s security advice strongly recommends upgrading products to updated versions. If this is not possible, it is recommended to deactivate the affected products.

The updated versions are:

  • For the Jira:
  • 8.13.x to 8.13.18
  • 8.20.x to 8.20.6
  • All versions to 8.22.0
  • For Jira Service Management:
  • 4.13.x to 4.13.18
  • 4.20.x to 4.20.6
  • All versions to 4.22.0
Discover SOCRadar® Free Edition

With SOCRadar® Free Edition, you’ll be able to:

  • Discover your unknown hacker-exposed assets
  • Check if your IP addresses tagged as malicious
  • Monitor your domain name on hacked websites and phishing databases
  • Get notified when a critical zero-day vulnerability is disclosed

Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets.
Get free access.

Related Articles
SOCRadar® Cyber Intelligence Inc. | APT28 Deploys ‘GooseEgg’ in Attacks Exploiting the Windows Print Spooler Vulnerability, CVE-2022-38028
APT28 Deploys ‘GooseEgg’ in Attacks Exploiting the Windows Print Spooler Vulnerability, CVE-2022-38028
Apr 24, 2024
SOCRadar® Cyber Intelligence Inc. | OpenMetadata Vulnerabilities Allow Attackers to Cryptomine in Kubernetes Environments
OpenMetadata Vulnerabilities Allow Attackers to Cryptomine in Kubernetes Environments
Apr 18, 2024
SOCRadar® Cyber Intelligence Inc. | CVE-2024-21006 in Oracle WebLogic Server – Oracle’s April 2024 Update Brings 441 New Security Patches
CVE-2024-21006 in Oracle WebLogic Server – Oracle’s April 2024 Update Brings 441 New Security Patches
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Committing a Sin, OpenJS Foundation and XZ Utils Incidents: Lessons in Open Source Security
Committing a Sin, OpenJS Foundation and XZ Utils Incidents: Lessons in Open Source Security
Apr 17, 2024
SOCRadar® Cyber Intelligence Inc. | Ivanti Avalanche Received an Update for Over Two Dozen Vulnerabilities (CVE-2024-24996, CVE-2024-29204…)
Ivanti Avalanche Received an Update for Over Two Dozen Vulnerabilities (CVE-2024-24996, CVE-2024-29204…)
Apr 17, 2024