• Latest
  • Trending
Atlassian fixes critical Jira authentication bypass vulnerability

Atlassian fixes critical Jira authentication bypass vulnerability

April 25, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Saturday, 18 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Atlassian fixes critical Jira authentication bypass vulnerability

by ITECHNEWS
April 25, 2022
in Infosec, Leading Stories
0 0
0
Atlassian fixes critical Jira authentication bypass vulnerability

Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company’s web application security framework.

Seraph is used in Jira and Confluence for handling all login and logout requests via a system of pluggable core elements.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

The flaw is tracked as CVE-2022-0540 and comes with a severity rating of 9.9. It allows a remote attacker to bypass authentication by sending a specially crafted HTTP request to vulnerable endpoints.

The affected products are Jira Core Server, Software Data Center, Software Server, the Service Management Server, and the Management Data Center. More specifically, the following versions are impacted:

  • Jira Core Server, Software Server, and Software Data Center before 8.13.18, the 8.14.x, 8.15.x, 8.16.x, 8.17.x, 8.18.x, 8.19.x, 8.20.x before 8.20.6, and 8.21.x.
  • Jira Service Management Server and Management Data Center before 4.13.18, the 4.14.x, 4.15.x, 4.16.x, 4.17.x, 4.18.x, 4.19.x, 4.20.x before 4.20.6, 4.21.x.

The vulnerability does not impact the cloud versions for Jira and Jira Service Management.

Atlassian specifies that remote attackers can only compromise the impacted products if they use a specific configuration in Seraph, which is detailed as follows:

Although the vulnerability is in the core of Jira, it affects first and third-party apps that specify “roles required” at the “webwork1” action namespace level and do not specify it at an “action” level.

Vulnerable apps

The severity of exploiting CVE-2022-0540 also varies depending on the apps used and whether they use additional permission checks on top of those in Seraph’s configuration.

The two bundled apps affected by the flaw are “Insight – Asset Management” and “Mobile Plugin” for Jira. For a complete list of the affected apps, check the middle section of Atlassian’s advisory.

Third-party apps, like those outside the Atlassian Marketplace or developed in-house by customers, are also impacted if they rely on a vulnerable configuration.

If no impacted apps are used in Jira, then the severity of the vulnerability drops down to medium.

Fix and workarounds

The versions that include the security updates are Jira Core Server, Software Server, and Software Data Center 8.13.x >= 8.13.18, 8.20.x >= 8.20.6, and all versions from 8.22.0 and later.

As for the Jira Service Management, the fixed versions are 4.13.x >= 4.13.18, 4.20.x >= 4.20.6, and 4.22.0 and later.

Users are strongly advised to update to one of the versions above. If this is not possible at this time, Atlassian recommends updating the affected apps to a version that has remediated the risk or disabling the vulnerable apps until patching is possible.

Those using Jira Service Management 4.19.x, and 4.20.x

Source: Bill Toulas
Via: bleepingcomputer
Tags: Atlassian fixes critical Jira authentication bypass
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version