A vital vulnerability in Jira Service Administration Server, a preferred enterprise IT service administration platform, was fastened this week that would enable attackers to impersonate customers and achieve entry to entry tokens. If the system is configured to permit public registration, exterior shoppers may be affected.
The bug was launched in Jira Service Administration Server and Knowledge Middle 5.3.0, so variations 5.3.0 to five.3.1 and 5.4.0 to five.5.0 are affected. Atlassian has launched fastened variations of the software program, however has additionally supplied a workaround that entails updating a single JAR file on affected deployments. Atlassian Cloud situations should not weak.
Damaged Jira authentication
Atlassian describes the vulnerability, tracked as CVE-2023-22501, as a damaged authentication difficulty and charges it vital in severity based mostly by itself severity scale.
“With write entry to a Person Listing and outbound e-mail enabled on a Jira Service Administration occasion, an attacker might achieve entry to registration tokens despatched to customers with accounts which have by no means been logged in”, the corporate defined in its discover. “Entry to those tokens may be obtained in two circumstances: if the attacker is included in Jira points or requests with these customers, or if the attacker is forwarded or beneficial properties entry to emails containing a ‘View Request’ hyperlink from these customers”.
Bot accounts that had been created to work with Jira Service Administration are notably inclined to this situation, the corporate warned. Even when customers synced by way of read-only person directories or SSO should not affected by the flaw, customers who work together with the occasion by way of e-mail are nonetheless affected even when SSO is enabled.
Jira Service Administration can be utilized to arrange and handle a service desk that unifies assist desks throughout totally different departments, corresponding to IT, HR, finance, or customer support, permitting groups to work higher collectively on shared duties. It additionally allows companies to handle property, carry out stock, monitor possession and lifecycle, IT groups can handle infrastructure configuration and monitor service dependencies, and might construct information bases. for self-service. Given the numerous options the platform helps and the duties it may be used for in a company setting, the chance of huge numbers of staff, contractors, and clients having accounts on it’s excessive, as is the potential for abuse.
Jira Service Administration vulnerability mitigation
The corporate emphasizes that firms that don’t publicly expose Jira Service Administration ought to improve to a set model as quickly as doable. If they can not replace your complete system, they should obtain the servicedesk-variable-substitution-plugin fastened JAR file for his or her specific model, cease Jira, copy the file to the listing
As soon as the fastened JAR or fastened model has been put in, enterprises can lookup customers within the database with the com.jsm.usertokendeletetask.accomplished property set to “TRUE” because the weak model was put in. These are customers who may need been affected, so the subsequent step is to confirm that they’ve the proper e-mail addresses. Inner customers will need to have the proper e-mail area and publicly registered customers will need to have their usernames an identical to their e-mail tackle.
A password reset should then be pressured for all probably affected customers, which entails sending a affirmation e-mail, so it’s crucial that their e-mail addresses are appropriate. The JIRA API can be utilized to pressure password resets, together with expiring lively classes and logging out potential attackers.
“Whether it is decided that your Jira Service Administration Server/DC occasion has been compromised, our recommendation is to right away shut down and disconnect the server from the community/web,” the corporate mentioned in an FAQ doc accompanying the advisory. “As well as, you might need to instantly shut down some other techniques that probably share a person base or have widespread username/password mixtures with the compromised system. Earlier than doing the rest, you will must work together with your native safety crew. to determine the extent of the breach and your restoration choices.
Copyright © 2023 IDG Communications, Inc.
–
Critical vulnerability patched in Jira Service Management Server and Data Center
