Blog | G5 Cyber Security

Atlassian Patches Critical Jira Authentication Bypass Bug

Australian software company Atlassian issues fixes for a critical vulnerability in its Jira software. The vulnerability, tracked as CVE-2022-0540 with a CVSS rating of 9.9 out of 10, affects both Jira and Jira Service Management products. A remote, unauthenticated attacker could exploit the bug by sending a specially crafted request to bypass authentication and authorization requirements in WebWork actions using an affected configuration, Atlassian says. An app is only vulnerable if it does not take steps to independently “enforce additional security checks.”

Source: https://www.inforisktoday.com/atlassian-patches-critical-jira-authentication-bypass-bug-a-18957
