This week, Atlassian issued a security advisory regarding a critical authentication flaw in Jira Service Management Server and Data Center, which could allow attackers to impersonate Jira users.
The vulnerability affects Jira Service Management Server and Data Center versions 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, and 5.5.0 and is tracked as CVE-2023-22501 (CVSS score of 9.4). According to Atlassian’s advisory, “An authentication vulnerability was discovered in Jira Service Management Server and Data Center which, under certain conditions, allows an attacker to impersonate another user and gain access to a Jira Service Management instance.”
With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users whose accounts have never been logged into, the company says.