Authentication bypass in Jira Seraph

1) Improper Authentication

EUVDB-ID: #VU62540

Risk: High

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-0540

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the Jira Seraph. A remote attacker can send a specially crafted HTTP request to bypass authentication and authorization requirements in WebWork actions and gain unauthorized access to the application.

The vulnerability affects applications that specify roles-required at the webwork1 action namespace level and do not specify it at an action level.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Jira Software: 8.0.0 - 8.21.1

Jira Data Center: 8.0.0 - 8.21.1

Jira Service Management Data Center: 4.0.0 - 4.21.1

Jira Service Management Server: 4.0.0 - 4.21.1

External links

http://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20
http://jira.atlassian.com/browse/JSDSERVER-11224
http://jira.atlassian.com/browse/JRASERVER-73650

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.