Jira Service Management Server and Data Center Authentication Bypass Vulnerability (CVE-2023-22501) Notice
February 7, 2023
Overview
Recently, NSFOCUS CERT found that Atlassian officially fixed a Jira Service Management Server and Data Center authentication bypass vulnerability (CVE-2023-22501). When write access to user directories and outgoing emails is enabled on a Jira Service Management instance, an unauthenticated remote attacker can gain access to Jira Service Management by impersonating users who have never […]
October 4, 2021
Overview
Recently, NSFOCUS CERT found that Atlassian released a security bulletin to announce the fix of the Confluence Server Webwork OGNL Injection Vulnerability (CVE-2021-26084). This vulnerability allows an authenticated attacker, and in some instances, an unauthenticated user, to execute arbitrary code on Confluence Server or Data Center by injecting a crafted OGNL expression. This vulnerability […]
July 29, 2019
1 Vulnerability Description
Recently, the Jira vendor released a security advisory on a template injection vulnerability in Jira Server and Jira Data Center, which could cause remote code execution when either of the following conditions is met:
- An SMTP server has been configured in Jira and the Contact Administrators Form is enabled.
- An SMTP server has been configured in Jira and an attacker has “Jira Administrators” access.