Table of Contents
  • Home
  • /
  • Blog
  • /
  • How to Fix CVE-2023-22501- A Critical Broken Authentication Vulnerability in Jira Products?
February 6, 2023
|
5m

How to Fix CVE-2023-22501- A Critical Broken Authentication Vulnerability in Jira Products?


How To Fix Cve 2023 22501 A Critical Broken Authentication Vulnerability In Jira Products

Security researchers have disclosed a critical broken authentication vulnerability in a couple of Jira products. The vulnerability is assigned a CVE ID CVE-2023-22501 with a CVSS score of 9.4, which is Critical in severity and is a broken authentication vulnerability in Jira Service Management Server and Jira Service Management Data Center, a service management platform designed for IT and customer service teams to manage requests and incident. The successful exploitation of this broke authentication vulnerability could allow a remote, unauthenticated attacker to impersonate another user and gain access to the affected versions of Jira Service Management instances. It is important to learn how to fix CVE-2023-22501, a critical broken authentication vulnerability in Jira Service Management Server and Jira Service Management Data Center. Lets get started.

A short note about Jira Service Management Server and Data Center

Jira Service Management (previously known as Jira Service Desk) is a top-notch platform for IT and customer service teams to keep track of requests and incidents in a neat and organized fashion. With exciting features like automation, collaboration, and even Service Level Agreement (SLA) management, its no wonder why this platform is so sought after!

But wait, theres more! Jira Service Management comes in two different editions the Server edition and the Data Center edition. The Server edition is perfect for small to medium-sized teams, while the Data Center edition is the solution for big enterprises who want the highest level of availability, scalability, and performance. The Data Center edition has extra features like clustering and load balancing, not to mention improved security, performance, and reliability. Its the ultimate package!

Summary Of CVE-2023-22501

This is a broken authentication vulnerability in Jira Service Management Server and Jira Service Management Data Center, which enables an attacker to gain access to the vulnerable Jira Service Management instance by impersonating another user. The attacker could exploit this vulnerability on the Jira Service Management instances on the outgoing email option enabled with write access to the User Directory. These features help the attacker to obtain signup tokens sent to the new legitimate user who has never been login into the Jira Service Management Servers and Data Centers. 

According to the Vendor, the attacker can obtain signup tokens of the new legitimate user in two ways: 

  1. The attacker should be included on Jira issues or requests with legitimate users, or

  2. Access to emails containing a View Request link from legitimate users by any way

The issue is being tracked as CVE-2023-22501 is rated with a severity level of this flaw as critical as per Atlassian. Lets see the CVSS score and vector of the vulnerability and how to fix the CVE-2023-22501 vulnerability in the coming sessions. Please check out the FAQ page for more details.

Associated CVE IDCVE-2023-22501
DescriptionA Critical Broken Authentication Vulnerability in Jira Jira Service Management Server and Jira Service Management Data Center.
Associated ZDI ID
CVSS Score9.4 Critical
VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Impact Score5.5
Exploitability Score3.9
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PR)None
User Interaction (UI)None
ScopeUnchanged
Confidentiality (C)High
Integrity (I)High
Availability (a)Low

Atlassian said, Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.

Vendor

Important points to know about CVE-2023-22501 (A broken authentication vulnerability in Jira Service Management Servers and Data Centers):

  1. The flaw affects only self-hosted products: Jira Service Management Servers and Data Centers.

  2. Jira Service Management Cloud is not vulnerable, and no action is required.

  3. Users connected to the Jira service via read-only User Directories or single sign-on (SSO) are not affected.

  4. External users who interact with the instance via email are affected, even when SSO is configured.

Jira Products Vulnerable to CVE-2023-22501

This flaw affects Jira Service Management Servers and Data Centers versions from 5.3.0 to 5.3.1 and 5.4.0 to 5.5.0:

  • 5.3.0

  • 5.3.1

  • 5.3.2

  • 5.4.0

  • 5.4.1

  • 5.5.0

How to Fix CVE-2023-22501- A Critical Broken Authentication Vulnerability in Jira Products?

Atlassian responded to this flaw by releasing patched versions of Jira Service Management Servers and Data Centers. Atlassian recommends upgrading vulnerable versions to any of the fixed versions to fix the vulnerability. Please see the table below to know the fixed versions of the Jira Service Management Server and Data Center. Download the latest versions of the Jira Service Management Server and Data Center from the official download center.

Refer to this Jira documentation to install or upgrade the Jira Service Management Servers and Data Centers. Or contact support for assistance.

ProductAffected VersionsFixed Versions
Jira Service Management Server and Data Center5.3.05.3.15.3.25.4.05.4.15.5.05.3.35.4.25.5.15.6.0 or later

If in case, you are not in a position to upgrade Jira Service Management Server and Data Center any time soon, we recommend you to manually upgrade the version-specific servicedesk-variable-substitution-plugin JAR file as a temporary workaround. This would work as a roadblock and soften the attack intensity. This doesnt mean you are covered from the attack. This just minimise the attack surface.

Follow these simple steps to update the servicedesk-variable-substitution-plugin JAR file:

  1. Stop the Jira services

  2. Download the corresponding JAR file shown in the above table, copy the JAR file into your Jira home directory

    • For Server: <Jira_Home>/plugins/installed-plugins

    • For Data Center: <Jira_Shared>/plugins/installed-plugins

  3. Start the Jira services

We hope this post helps you know how to fix CVE-2023-22501 a critical broken authentication vulnerability in Jira Service Management Server and Jira Service Management Data Center. Please share this post if you find this interested. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Application Security

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe