How to Fix CVE-2023-22501: A Critical Broken Authentication Vulnerability in Jira Products?

Security researchers have disclosed a critical broken authentication vulnerability in two Jira products. It is tracked as CVE-2023-22501 with a CVSS score of 9.4 (Critical) and affects Jira Service Management Server and Jira Service Management Data Center, a service management platform designed for IT and customer service teams to manage requests and incidents. Successful exploitation of this broken authentication vulnerability could allow a remote, unauthenticated attacker to impersonate another user and gain access to affected Jira Service Management instances. It is important to learn how to fix CVE-2023-22501, a critical broken authentication vulnerability in Jira Service Management Server and Jira Service Management Data Center. Let’s get started.

A short note about Jira Service Management Server and Data Center

Jira Service Management (previously known as Jira Service Desk) is a top-notch platform for IT and customer service teams to keep track of requests and incidents in a neat and organized fashion. With exciting features like automation, collaboration, and even Service Level Agreement (SLA) management, it’s no wonder why this platform is so sought after!

But wait, there’s more! Jira Service Management comes in two different editions – the Server edition and the Data Center edition. The Server edition is perfect for small to medium-sized teams, while the Data Center edition is the solution for big enterprises who want the highest level of availability, scalability, and performance. The Data Center edition has extra features like clustering and load balancing, not to mention improved security, performance, and reliability. It’s the ultimate package!


Summary Of CVE-2023-22501

This is a broken authentication vulnerability in Jira Service Management Server and Jira Service Management Data Center that lets an attacker gain access to a vulnerable Jira Service Management instance by impersonating another user. It is exploitable on Jira Service Management instances that have the outgoing email option enabled together with write access to the User Directory. Under these conditions the attacker can obtain the signup token sent to a new, legitimate user who has never logged in to the Jira Service Management Server or Data Center instance.

According to the vendor, the attacker can obtain the signup token of a new legitimate user in two ways:

  1. The attacker is included on Jira issues or requests together with the legitimate user, or
  2. The attacker gains access, by any means, to an email containing a “View Request” link sent to the legitimate user.

The issue is tracked as CVE-2023-22501, and Atlassian rates its severity as ‘critical’. Let’s look at the CVSS score and vector of the vulnerability, and at how to fix CVE-2023-22501, in the coming sections. Please check out the FAQ page for more details.

Associated CVE ID: CVE-2023-22501
Description: A critical broken authentication vulnerability in Jira Service Management Server and Jira Service Management Data Center.
Associated ZDI ID: none listed
CVSS Score: 9.4 Critical
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Impact Score: 5.5
Exploitability Score: 3.9
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): Low
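The scores in the table above are not independent numbers; the base score, impact sub-score and exploitability sub-score all follow from the vector string under the published CVSS v3.0 formulas. The following calculator is an added example (not part of the article and not Atlassian's tooling) that recomputes them from any v3.0 vector, so an analyst can verify a vendor-supplied score or re-score a finding when one metric (for example Privileges Required) differs in their own environment. The metric weights are the CVSS v3.0 constants; the integer-based round-up is the v3.1 definition of the same operation, used here so floating-point noise cannot round the wrong way.

```shell
#!/bin/sh
# Added example: CVSS v3.0 base / impact / exploitability calculator.
# Input: a vector string such as CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
# Output: one line "base=X impact=Y exploitability=Z" (sub-scores rounded to
# one decimal as NVD displays them, base score rounded up per the spec).
cvss3_scores() {
    printf '%s\n' "$1" | awk -F/ '
    # CVSS "Roundup" to one decimal, done on integers (the v3.1 definition)
    # so that e.g. 9.3375 -> 9.4 and 9.4000000001 -> 9.4, never 9.5.
    function roundup(x,  i) {
        i = int(x * 100000 + 0.5)
        if (i % 10000 == 0) return i / 100000
        return (int(i / 10000) + 1) / 10
    }
    function min(a, b) { return a < b ? a : b }
    BEGIN {
        # Published CVSS v3.0 metric weights (PR depends on scope, see below).
        w["AV:N"] = 0.85; w["AV:A"] = 0.62; w["AV:L"] = 0.55; w["AV:P"] = 0.20
        w["AC:L"] = 0.77; w["AC:H"] = 0.44
        w["UI:N"] = 0.85; w["UI:R"] = 0.62
        w["C:H"] = 0.56;  w["C:L"] = 0.22;  w["C:N"] = 0
        w["I:H"] = 0.56;  w["I:L"] = 0.22;  w["I:N"] = 0
        w["A:H"] = 0.56;  w["A:L"] = 0.22;  w["A:N"] = 0
    }
    {
        # Every field after the "CVSS:3.0" prefix is a metric:value pair.
        for (k = 2; k <= NF; k++) { split($k, kv, ":"); m[kv[1]] = kv[2] }
        changed = (m["S"] == "C")
        if (m["PR"] == "N")      pr = 0.85
        else if (m["PR"] == "L") pr = changed ? 0.68 : 0.62
        else                     pr = changed ? 0.50 : 0.27
        # Impact sub-score: 1 - (1-C)(1-I)(1-A), then scaled by scope.
        iss = 1 - (1 - w["C:" m["C"]]) * (1 - w["I:" m["I"]]) * (1 - w["A:" m["A"]])
        if (changed) impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ^ 15
        else         impact = 6.42 * iss
        # Exploitability: 8.22 * AV * AC * PR * UI.
        expl = 8.22 * w["AV:" m["AV"]] * w["AC:" m["AC"]] * pr * w["UI:" m["UI"]]
        if (impact <= 0)  base = 0
        else if (changed) base = roundup(min(1.08 * (impact + expl), 10))
        else              base = roundup(min(impact + expl, 10))
        printf "base=%.1f impact=%.1f exploitability=%.1f\n", base, impact, expl
    }'
}

# The vector from the advisory table: prints base=9.4 impact=5.5 exploitability=3.9
cvss3_scores "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
```

For this vector the impact sub-score works out to 6.42 × (1 − 0.44 × 0.44 × 0.78) ≈ 5.45 and the exploitability sub-score to 8.22 × 0.85 × 0.77 × 0.85 × 0.85 ≈ 3.89; their sum, 9.34, rounds up to the 9.4 in the table.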

Atlassian said, “Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.”– Vendor

Important points to know about CVE-2023-22501 (A broken authentication vulnerability in Jira Service Management Servers and Data Centers):

  1. The flaw affects only self-hosted products: Jira Service Management Servers and Data Centers.
  2. Jira Service Management Cloud is not vulnerable, and no action is required.
  3. Users connected to the Jira service via read-only User Directories or single sign-on (SSO) are not affected.
  4. External users who interact with the instance via email are affected, even when SSO is configured.

Jira Products Vulnerable to CVE-2023-22501

This flaw affects the following Jira Service Management Server and Data Center versions (the 5.3.x, 5.4.x and 5.5.0 releases listed below):

  • 5.3.0
  • 5.3.1
  • 5.3.2
  • 5.4.0
  • 5.4.1
  • 5.5.0

How to Fix CVE-2023-22501: A Critical Broken Authentication Vulnerability in Jira Products?

Atlassian responded to this flaw by releasing patched versions of Jira Service Management Server and Data Center, and recommends upgrading any vulnerable installation to one of the fixed versions. See the table below for the fixed versions of Jira Service Management Server and Data Center, and download the latest versions from the official download center.

Refer to this Jira documentation to install or upgrade the Jira Service Management Servers and Data Centers. Or contact support for assistance.

Product | Affected Versions | Fixed Versions
Jira Service Management Server and Data Center | 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, 5.5.0 | 5.3.3, 5.4.2, 5.5.1, 5.6.0 or later

If you are not in a position to upgrade Jira Service Management Server and Data Center any time soon, we recommend manually upgrading the version-specific servicedesk-variable-substitution-plugin JAR file as a temporary workaround. This acts as a roadblock and reduces the impact of an attack, but it does not mean you are fully protected; it only minimises the attack surface.

Jira Service Management Versions | JAR File
5.5.0 | servicedesk-variable-substitution-plugin-5.5.1-REL-0005.jar
5.4.0, 5.4.1 | servicedesk-variable-substitution-plugin-5.4.2-REL-0005.jar
5.3.0, 5.3.1, 5.3.2 | servicedesk-variable-substitution-plugin-5.3.3-REL-0001.jar

Follow these simple steps to update the servicedesk-variable-substitution-plugin JAR file:

  1. Stop the Jira services
  2. Download the corresponding JAR file from the table above and copy it into the installed-plugins directory under your Jira home:
    • For Server: <Jira_Home>/plugins/installed-plugins
    • For Data Center: <Jira_Shared>/plugins/installed-plugins
  3. Start the Jira services
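The version-to-JAR table and the three steps above are easy to get wrong by hand across several nodes (picking the JAR for the wrong minor release, or copying it into the Jira home instead of the shared home on Data Center). The script below is an added example, not Atlassian's tooling and not part of the article: it encodes the advisory's affected and fixed version lists, selects the matching workaround JAR, and performs the stop / copy / start sequence. It assumes the JAR has already been downloaded to a local directory and that the Jira installation directory contains the standard bin/stop-jira.sh and bin/start-jira.sh scripts; the installed version and the edition are passed in by the administrator, because the script does not inspect the instance itself.

```shell
#!/bin/sh
# Added example: CVE-2023-22501 workaround helper for Jira Service Management
# Server / Data Center. Version lists, JAR names and plugin paths come from
# the advisory; the bin/ scripts and the download directory are assumptions.
# Usage: ./jsm-22501-workaround.sh apply <version> <server|datacenter> \
#            <jira-install-dir> <jira-home-or-shared-home> <dir-with-jar>
set -eu

# Workaround JAR for an affected version (the advisory's table). Prints the
# file name; returns 1 for any version that is not in the affected list.
workaround_jar_for() {
    case "$1" in
        5.5.0)             echo "servicedesk-variable-substitution-plugin-5.5.1-REL-0005.jar" ;;
        5.4.0|5.4.1)       echo "servicedesk-variable-substitution-plugin-5.4.2-REL-0005.jar" ;;
        5.3.0|5.3.1|5.3.2) echo "servicedesk-variable-substitution-plugin-5.3.3-REL-0001.jar" ;;
        *)                 return 1 ;;
    esac
}

# Classify a version: "affected", "fixed" (5.3.3, 5.4.2, 5.5.1, 5.6.0 or
# later) or "not-listed" (outside the ranges the advisory covers).
cve_2023_22501_status() {
    if workaround_jar_for "$1" >/dev/null; then
        echo affected
        return 0
    fi
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case "$rest" in *.*) patch=${rest#*.} ;; *) patch=0 ;; esac
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 6 ]; }; then
        echo fixed
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 5 ] && [ "$patch" -ge 1 ]; then
        echo fixed
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 4 ] && [ "$patch" -ge 2 ]; then
        echo fixed
    elif [ "$major" -eq 5 ] && [ "$minor" -eq 3 ] && [ "$patch" -ge 3 ]; then
        echo fixed
    else
        echo not-listed
    fi
}

# Plugin directory: relative to the Jira home on Server, and to the shared
# home on Data Center. The caller passes whichever base applies as $2.
installed_plugins_dir() {
    case "$1" in
        server|datacenter) echo "$2/plugins/installed-plugins" ;;
        *) echo "unknown edition '$1' (use server or datacenter)" >&2; return 1 ;;
    esac
}

# Steps from the article: stop Jira, copy the JAR into installed-plugins,
# start Jira. Refuses to run for versions that need no workaround JAR.
#   $1 installed JSM version   $2 server|datacenter   $3 Jira installation dir
#   $4 Jira home (server) or shared home (datacenter)   $5 dir holding the JAR
apply_workaround() {
    version=$1; edition=$2; install_dir=$3; base_dir=$4; jar_src=$5
    status=$(cve_2023_22501_status "$version")
    if [ "$status" != affected ]; then
        echo "JSM $version is $status; no workaround JAR to install" >&2
        return 1
    fi
    jar=$(workaround_jar_for "$version")
    dest=$(installed_plugins_dir "$edition" "$base_dir")
    [ -f "$jar_src/$jar" ] || { echo "missing $jar_src/$jar" >&2; return 1; }
    [ -d "$dest" ] || { echo "missing plugin directory $dest" >&2; return 1; }
    "$install_dir/bin/stop-jira.sh"
    cp "$jar_src/$jar" "$dest/"
    "$install_dir/bin/start-jira.sh"
    echo "installed $jar into $dest (temporary workaround; an upgrade is still required)"
}

# Only act when explicitly asked; running or sourcing the file without
# arguments just defines the functions above.
if [ "${1:-}" = apply ]; then
    apply_workaround "$2" "$3" "$4" "$5" "$6"
fi
```

Running cve_2023_22501_status against the version of each node before and after an upgrade gives a quick inventory check: anything reporting "affected" still needs either the JAR workaround or, preferably, the fixed release from the table above.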
