The security flaw, identified as CVE-2022-0540, is an authentication bypass issue that affects Seraph, the web authentication framework of Jira and Jira Service Management. A remote, unauthenticated attacker could exploit this vulnerability to bypass authentication and authorization by sending a specially crafted HTTP request. Many versions of Jira are affected, but the vendor noted that…

According to Atlassian, security researcher Harrison Neal discovered that Jira Data Center — including Software Data Center and Core Data Center — and Jira Service Management Data Center software development products are affected by a critical flaw related to missing authentication for the Ehcache RMI network service. An attacker who can connect to this service…