Cybersecurity Threat Advisory: Atlassian critical remote code execution vulnerability

A critical remote code execution vulnerability has been discovered in Jira Service Management Server and Data Center, owned by Atlassian, tracked as CVE-2023-22501. This vulnerability could allow an unauthenticated attacker to impersonate other users and gain remote access to the systems. Barracuda MSP recommends updating to the newest version that Atlassian has provided.

What is the threat?

A remote code execution vulnerability exists in Atlassian’s Jira Service Management Server and Data Center versions 5.3.0 through 5.5. An attacker who successfully exploits this flaw will be able to impersonate other users and gain remote access to the systems. This vulnerability has been categorized with a critical severity score of 9.4.

Why is it noteworthy?

This vulnerability has a high success rate when targeting bot accounts. Upon successful exploitation, the attacker can interact with others within JIRA, add themselves to JIRA issues, and request and receive emails using the ‘View Request’ link, which can then allow them to acquire signup tokens. When a critical vulnerability is disclosed publicly, attackers will often accelerate their attacks before the vulnerability is resolved.

What is the exposure or risk?

Upon successful exploitation, an attacker can change a user’s password without the account owner’s knowledge, making it difficult for users to detect a compromise. The attacker can then run remote code to install programs; exfiltrate, view, change, or delete data; or create new accounts without the administrator noticing. These privileges give the attacker the tools to conduct a ransomware event or an impersonation event for lateral movement within the environment, which can lead to temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses, and potential harm to an organization’s reputation.

What are the recommendations?

  • Upgrade to versions 5.3.3, 5.4.2, 5.5.1, and 5.6.0 or later.
  • If for some reason you are unable to upgrade, follow the steps below to apply a workaround fix:
    • Download the associated JAR from the Atlassian Security Advisory
    • Stop Jira
    • Copy the JAR file into the Jira home directory (“<Jira_Home>/plugins/installed-plugins” for servers or “<Jira_Shared>/plugins/installed-plugins” for data centers)
    • Restart the service.
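As an added example, not part of this advisory or of Atlassian’s own tooling, the following Python check classifies installed Jira Service Management versions against the affected range (5.3.0 through 5.5) and the fixed releases listed above, so an inventory sweep can flag hosts that still need the upgrade or the workaround. The host names and version strings are constructed sample data.

```python
# Added example (not from the advisory): flag installed Jira Service Management
# Server/Data Center versions that fall in the affected range for CVE-2023-22501
# and name the fixed release to move to.
from typing import Iterable, List, Optional, Tuple

# Fixed releases named in the advisory, keyed by minor line (5.3 -> 5.3.3, ...).
FIXED_BY_LINE = {(5, 3): (5, 3, 3), (5, 4): (5, 4, 2), (5, 5): (5, 5, 1)}
AFFECTED_LOW = (5, 3, 0)   # first affected release
FIXED_LATEST = (5, 6, 0)   # 5.6.0 and later are fixed


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '5.4.1', '5.5' or '5.4.1-something' into a (major, minor, patch) tuple."""
    core = text.strip().split("-")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:          # '5.5' is treated as 5.5.0
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def assess(version: str) -> Tuple[bool, Optional[str]]:
    """Return (is_affected, recommended_fix) for one installed version string."""
    v = parse_version(version)
    if v < AFFECTED_LOW or v >= FIXED_LATEST:
        return False, None        # below the affected range, or already on 5.6.0+
    fixed = FIXED_BY_LINE[v[:2]]  # minor line is 5.3, 5.4 or 5.5 here
    if v >= fixed:
        return False, None        # already on the patched release of this line
    return True, ".".join(map(str, fixed))


def report(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Rows (host, installed_version, fix_version) for every host still affected."""
    rows = []
    for host, installed in inventory:
        affected, fix = assess(installed)
        if affected:
            rows.append((host, installed, fix))
    return rows


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    ("jira-prod", "5.4.1"),
    ("jira-dc", "5.5"),
    ("jira-test", "5.3.3"),
    ("jira-legacy", "5.2.0"),
    ("jira-new", "5.6.0"),
]

if __name__ == "__main__":
    for host, installed, fix in report(SAMPLE_INVENTORY):
        print(f"{host}: {installed} is affected, upgrade to {fix}")
```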

References

For more in-depth information about the recommendations, please visit the following links:

NVD – CVE-2023-22501 (nist.gov)

FAQ for CVE-2023-22501 | Atlassian Support | Atlassian Documentation

https://www.bleepingcomputer.com/news/security/atlassian-warns-of-critical-jira-service-management-auth-flaw/

If you have any questions, please contact our Security Operations Center.