
A critical remote code execution vulnerability has been discovered in Atlassian’s Jira Service Management Server and Data Center, tracked as CVE-2023-22501. This vulnerability could allow an unauthenticated attacker to impersonate other users and gain remote access to the systems. Barracuda MSP recommends updating to the newest version that Atlassian has provided.

What is the threat?

A remote code execution vulnerability exists in Atlassian’s Jira Service Management Server and Data Center versions 5.3.0 through 5.5. An attacker who successfully exploits this flaw can impersonate other users and gain remote access to the systems. The vulnerability has been assigned a critical severity score of 9.4.

Why is it noteworthy?

This vulnerability has a high success rate when targeting bot accounts. Upon successful exploitation, the attacker can interact with other users within Jira, add themselves to Jira issues, and request and receive emails using the ‘View Request’ link, which can then allow them to acquire signup tokens. When a critical vulnerability is disclosed publicly, attackers often accelerate their attacks before the vulnerability is patched.

What is the exposure or risk?

Upon successful exploitation, an attacker can change a user’s password without the account owner’s knowledge, making it difficult for users to detect a compromise. The attacker can then run remote code to install programs; exfiltrate, view, change, or delete data; or create new accounts without the administrator noticing. These privileges give the attacker the tools to conduct a ransomware event or an impersonation event for lateral movement within the environment, which can lead to temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses, and potential harm to an organization’s reputation.

What are the recommendations?

  • Upgrade to version 5.3.3, 5.4.2, 5.5.1, or 5.6.0 or later.
  • If for some reason you are unable to upgrade, follow the steps below to apply the workaround fix:
    • Download the associated JAR from the Atlassian Security Advisory.
    • Stop Jira.
    • Copy the JAR file into the Jira plugins directory (“<Jira_Home>/plugins/installed-plugins” for Server or “<Jira_Shared>/plugins/installed-plugins” for Data Center).
    • Restart the service.
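As an added example (not from this advisory or from Atlassian), the following Python script applies the affected and fixed version ranges listed above to an inventory of Jira Service Management instances, so an administrator can see which hosts still need the upgrade or the workaround; the host names and versions in the sample inventory are constructed.

```python
"""Triage Jira Service Management Server/Data Center versions against the
CVE-2023-22501 affected and fixed ranges stated in the advisory above.
Added example; not Atlassian or Barracuda MSP code."""
from typing import Optional, Tuple

# Affected range per the advisory: 5.3.0 through 5.5.x; 5.6.0 is the first
# clean release, and each earlier 5.x branch has its own fixed build.
AFFECTED_FROM = (5, 3, 0)
FIXED_IN_BRANCH = {(5, 3): (5, 3, 3), (5, 4): (5, 4, 2), (5, 5): (5, 5, 1)}
FIRST_CLEAN_RELEASE = (5, 6, 0)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '5.4.1' or '5.5' into a 3-tuple; a missing patch level is 0."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Jira version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def triage(version_text: str) -> Tuple[str, Optional[str]]:
    """Return (status, recommended_upgrade).

    status is 'vulnerable', 'fixed' or 'not-affected'. recommended_upgrade is
    the smallest fixed release in the same 5.x branch, which is usually the
    least disruptive upgrade target; it is None when no upgrade is needed."""
    v = parse_version(version_text)
    if v < AFFECTED_FROM:
        return "not-affected", None
    if v >= FIRST_CLEAN_RELEASE:
        return "fixed", None
    # v is now in 5.3.x, 5.4.x or 5.5.x, so the branch lookup always succeeds.
    fixed = FIXED_IN_BRANCH[(v[0], v[1])]
    if v >= fixed:
        return "fixed", None
    return "vulnerable", ".".join(map(str, fixed))


if __name__ == "__main__":
    # Constructed sample inventory, e.g. exported from an asset database.
    inventory = {"jira-prod": "5.4.1", "jira-dev": "5.5", "jira-old": "5.2.9"}
    for host, ver in inventory.items():
        status, target = triage(ver)
        note = f", upgrade to {target}" if target else ""
        print(f"{host}: {ver} -> {status}{note}")
```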

References

For more in-depth information about the recommendations, please visit the following links:

NVD – CVE-2023-22501 (nist.gov)

FAQ for CVE-2023-22501 | Atlassian Support | Atlassian Documentation

https://www.bleepingcomputer.com/news/security/atlassian-warns-of-critical-jira-service-management-auth-flaw/

If you have any questions, please contact our Security Operations Center.


Posted by Kevin Ghee

Kevin is a Cybersecurity Analyst at Barracuda MSP. He's a security expert, working on our Blue Team within our Security Operations Center. Kevin supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
