Atlassian Patches Critical Authentication Bypass Vulnerability in Jira



The security flaw, identified as CVE-2022-0540, is an authentication bypass issue that affects Seraph, the web authentication framework of Jira and Jira Service Management. A remote, unauthenticated attacker could exploit this vulnerability to bypass authentication and authorization by sending a specially crafted HTTP request.

Many versions of Jira are affected, but the vendor noted that Jira Cloud and Jira Service Management Cloud are not impacted. Fixes are included in versions 8.13.18, 8.20.6 and 8.22.0 or newer.
