Authentication bypass in Jira Seraph
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-0540 |
| CWE-ID | CWE-287 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Jira Software Client/Desktop applications / Other client software Jira Data Center Server applications / Other server solutions Jira Service Management Data Center Server applications / Other server solutions Jira Service Management Server Server applications / Other server solutions |
| Vendor | Atlassian |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Improper Authentication
EUVDB-ID: #VU62540
Risk: High
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-0540
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in the Jira Seraph. A remote attacker can send a specially crafted HTTP request to bypass authentication and authorization requirements in WebWork actions and gain unauthorized access to the application.
The vulnerability affects applications that specify roles-required at the webwork1 action namespace level and do not specify it at an action level.
Install updates from vendor's website.
Vulnerable software versionsJira Software: 8.0.0 - 8.21.1
Jira Data Center: 8.0.0 - 8.21.1
Jira Service Management Data Center: 4.0.0 - 4.21.1
Jira Service Management Server: 4.0.0 - 4.21.1
CPE2.3- cpe:2.3:a:atlassian:jira:8.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.20.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.13.17:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.20.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.13.17:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_management_data_center:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.20.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.13.17:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_service_desk:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_data_center:8.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_data_center:8.21.0:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_data_center:8.20.5:*:*:*:*:*:*:*
http://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20
http://jira.atlassian.com/browse/JSDSERVER-11224
http://jira.atlassian.com/browse/JRASERVER-73650
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
