A critical security vulnerability has been identified in Atlassian's Jira Service Management Server and Data Center products.
The vulnerability, tracked as CVE-2023-22501, is caused by a flawed authentication control. A threat actor can exploit it by sending a specially crafted request to impersonate another user and gain access to a Jira Service Management session. The vulnerability affects the following versions:
- 3.0
- 3.1
- 3.2
- 4.0
- 4.1
- 5.0
Atlassian has fixed the vulnerability in Jira Service Management Server and Data Center
The vulnerability is resolved in versions 5.3.3, 5.4.2, 5.5.1, 5.6.0, and later. It is recommended that users of vulnerable versions upgrade promptly to a version that resolves the vulnerability.