Improper Authentication in Atlassian Server applications

#VU62540 Improper Authentication in Atlassian Server applications

Published: 2022-05-26

Vulnerability identifier: #VU62540

Vulnerability risk: High

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-0540

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Jira Software
Client/Desktop applications / Other client software
Jira Data Center
Server applications / Other server solutions
Jira Service Management Data Center
Server applications / Other server solutions
Jira Service Management Server
Server applications / Other server solutions

Vendor: Atlassian

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the Jira Seraph. A remote attacker can send a specially crafted HTTP request to bypass authentication and authorization requirements in WebWork actions and gain unauthorized access to the application.

The vulnerability affects applications that specify roles-required at the webwork1 action namespace level and do not specify it at an action level.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Jira Software: 8.21.0 - 8.21.1, 8.20.0 - 8.20.5, 8.19.0 - 8.19.1, 8.18.0 - 8.18.2, 8.17.0 - 8.17.1, 8.16.0 - 8.16.2, 8.15.0 - 8.15.1, 8.14.0 - 8.14.1, 8.13.0 - 8.13.17, 8.12.0 - 8.12.3, 8.11.0 - 8.11.1, 8.10.0 - 8.10.2, 8.9.0 - 8.9.1, 8.8.0 - 8.8.1, 8.7.0 - 8.7.1, 8.6.0 - 8.6.1, 8.5.0 - 8.5.19, 8.4.0 - 8.4.3, 8.3.0 - 8.3.5, 8.2.0 - 8.2.6, 8.1.0 - 8.1.3, 8.0.0 - 8.0.4

Jira Data Center: 8.0.0 - 8.21.1

Jira Service Management Data Center: 4.21.0 - 4.21.1, 4.20.0 - 4.20.5, 4.13.0 - 4.13.17, 4.19.0 - 4.19.1, 4.5.0 - 4.5.19, 4.18.0 - 4.18.2, 4.17.0 - 4.17.1, 4.16.0 - 4.16.2, 4.15.0 - 4.15.1, 4.14.0 - 4.14.1, 4.12.0 - 4.12.3, 4.11.0 - 4.11.1, 4.10.0 - 4.10.1, 4.9.0 - 4.9.1, 4.8.0 - 4.8.1, 4.7.0 - 4.7.1, 4.6.0 - 4.6.1, 4.4.0 - 4.4.3, 4.3.0 - 4.3.5, 4.2.0 - 4.2.6, 4.1.0 - 4.1.3, 4.0.0 - 4.0.3

Jira Service Management Server: 4.21.0 - 4.21.1, 4.20.0 - 4.20.5, 4.13.0 - 4.13.17, 4.19.0 - 4.19.1, 4.5.0 - 4.5.19, 4.18.0 - 4.18.2, 4.17.0 - 4.17.1, 4.16.0 - 4.16.2, 4.15.0 - 4.15.1, 4.14.0 - 4.14.1, 4.12.0 - 4.12.3, 4.11.0 - 4.11.1, 4.10.0 - 4.10.1, 4.9.0 - 4.9.1, 4.8.0 - 4.8.1, 4.7.0 - 4.7.1, 4.6.0 - 4.6.1, 4.0.0 - 4.0.4, 4.4.0 - 4.4.3, 4.3.0 - 4.3.5, 4.2.0 - 4.2.6, 4.1.0 - 4.1.3

External links
http://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20
http://jira.atlassian.com/browse/JSDSERVER-11224
http://jira.atlassian.com/browse/JRASERVER-73650

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Authentication bypass in Jira Seraph