CVE-2023-22501Improper Authentication in Atlassian Jira Service Management

CWE-287Improper Authentication5 documents4 sources
Severity
9.1CRITICALNVD
EPSS
2.4%
top 15.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian Jira Service ManagementAtlassian Jira Service Management Data CenterAtlassian Jira Service Management Server
Timeline
PublishedFeb 1
Latest updateJul 6

Description

An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances_._ With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases:

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

NVDatlassian/jira_service_management5.3.05.3.3+2

🔴Vulnerability Details

2
GHSA
GHSA-jm25-87xp-4h76: An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user2023-07-06
CVEList
CVE-2023-22501: An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user2023-02-01

🕵️Threat Intelligence

2
Sentinelone
CVE-2023-22501: Atlassian Jira Service Management Vulnerability2023-02-07
Sentinelone
CVE-2023-22501: Atlassian Jira Service Management Vulnerability2023-02-07
CVE-2023-22501 — Improper Authentication in Atlassian | cvebase