A vital vulnerability in Atlassian’s Jira Service Administration Server and Information Heart may permit an unauthenticated attacker to impersonate different customers and acquire distant entry to the techniques.

Atlassian explains that the safety situation impacts variations 5.3.0 by way of 5.5.0 and that hackers can get “entry to a Jira Service Administration occasion underneath sure circumstances.”

Tracked as CVE-2023-22501, the vulnerability has a vital severity rating of 9.4, as calculated by Atlassian. It might be used to focus on bot accounts particularly, attributable to their frequent interactions with different customers and their elevated chance to be included in Jira points or requests or receiving emails with a “View Request” hyperlink – both situation being mandatory for buying signup tokens.

Atlassian has launched updates that handle the problem and advises admins to improve to variations 5.3.3, 5.4.2, 5.5.1, and 5.6.0 or later.

If the replace can’t be put in instantly, the seller has supplied for a workaround within the type of a JAR file that can be utilized to manually improve the “servicedesk-variable-substitution-plugin,” as described within the steps beneath:

1. Obtain the version-specific JAR from the advisory
2. Cease Jira
3. Copy the JAR file into the Jira residence listing (“<Jira_Home>/plugins/installed-plugins” for servers or “<Jira_Shared/plugins/installed-plugins”> for information facilities)
4. Restart the service

Atlassian has additionally printed a FAQ web page explaining that the improve is beneficial even when the situations are usually not uncovered to the general public web or have an exterior person listing with single sign-on (SSO) enabled.

As a warning, password modifications carried out by an attacker won’t generate an e mail notification to the account proprietor, making it tougher to detect a compromise.

Nevertheless, after making use of the obtainable safety replace or the JAR file workaround, admins can verify which accounts modified their passwords and logged in since putting in the earlier model, which may reveal unauthorized entry to the accounts.

Atlassian recommends that directors pressure a password reset on all probably breached customers and be sure that their e mail addresses are appropriate.

If a breach has been detected, the advice is to instantly shut down and disconnect the compromised server from the community to reduce the extent of the assault.