16 C
Paris
Wednesday, May 29, 2024

Critical Vulnerability Discovered in Jira Service Management Server and Data Center

A critical security vulnerability has been discovered in Jira Service Management Server and Data Center, which has been assigned the CVE identifier CVE-2023-22501 and a CVSS score of 9.4. Atlassian has issued a patch to resolve the issue.

Impact of the Vulnerability

The vulnerability allows an attacker to impersonate another user and gain unauthorized access to a Jira Service Management instance. The vulnerability affects versions 5.3.0 to 5.5.0 and can be used to target bot accounts due to their increased likelihood of being included in Jira issues or receiving emails.

- Advertisement -

Protection Measures

Atlassian has released updates for versions 5.3.3, 5.4.2, 5.5.1, and 5.6.0 or later, which can be found on the Atlassian website. In case the update cannot be implemented immediately, a workaround in the form of a JAR file is available for a manual upgrade of the “servicedesk-variable-substitution-plugin”.

Workaround for Manual Upgrade

To upgrade manually, follow these steps:

  • Download the JAR file specific to your version from the advisory.
  • Stop Jira.
  • Copy the JAR file into the Jira home directory located at “Jira Home>/plugins/installed-plugins” for servers and “Jira Shared/plugins/installed-plugins” for data centers.
  • Start Jira again.

Conclusion

Jira Service Management Server and Data Center users are advised to upgrade to the latest version or use the workaround to protect against the security vulnerability. Atlassian has taken steps to address previous vulnerabilities and ensure the security of its products.

Website | + posts
spot_img

Also Read