Atlassian fixes critical Jira authentication bypass vulnerability

Atlassian has published a security advisory warning that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company’s web application security framework.

Seraph is used in Jira and Confluence for handling all login and logout requests via a system of pluggable core elements.

Although the vulnerability is in the core of Jira, it affects first- and third-party apps that specify “Roles required” at the “Webwork1” action namespace level and do not specify it at an “Action” level.

The two bundled apps affected by the flaw are “Insight – Asset Management” and “Mobile Plugin” for Jira.

If no impacted apps are used in Jira, then the severity of the vulnerability drops down to medium.
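To check which installed apps match the condition described above, an administrator can audit each app's plugin descriptor. The following is an added example, not code from Atlassian or from the original article; it assumes the descriptor is the app's `atlassian-plugin.xml`, that “Roles required” corresponds to the `roles-required` attribute on `<webwork1>` and `<action>` elements, and it runs on a constructed sample descriptor.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from any real app). Assumes the Jira
# plugin descriptor layout: <webwork1 roles-required="..."> wrapping
# <actions><action roles-required="...">.
SAMPLE_DESCRIPTOR = """\
<atlassian-plugin key="com.example.demo" name="Demo App">
  <webwork1 key="admin-actions" roles-required="admin">
    <actions>
      <action name="com.example.demo.ConfigAction" alias="DemoConfig"/>
      <action name="com.example.demo.AuditAction" alias="DemoAudit"
              roles-required="admin"/>
    </actions>
  </webwork1>
  <webwork1 key="public-actions">
    <actions>
      <action name="com.example.demo.HelloAction" alias="DemoHello"/>
    </actions>
  </webwork1>
</atlassian-plugin>
"""


def find_namespace_only_roles(descriptor_xml):
    """Return (module_key, action_label, namespace_roles) for every action that
    relies only on the namespace-level role requirement."""
    root = ET.fromstring(descriptor_xml)
    findings = []
    for module in root.iter("webwork1"):
        ns_roles = (module.get("roles-required") or "").strip()
        if not ns_roles:
            continue  # no namespace-level requirement: not the described pattern
        for action in module.iter("action"):
            if (action.get("roles-required") or "").strip():
                continue  # action declares its own requirement
            label = action.get("alias") or action.get("name") or "<unnamed>"
            findings.append((module.get("key"), label, ns_roles))
    return findings


if __name__ == "__main__":
    for key, label, roles in find_namespace_only_roles(SAMPLE_DESCRIPTOR):
        print(f"{key}: action {label} has no action-level roles-required "
              f"(namespace requires: {roles})")
```

Any finding marks an app that matches the pattern the advisory describes and should be reviewed before and after upgrading.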

For Jira Service Management, the fixed versions are 4.13.x >= 4.13.18, 4.20.x >= 4.20.6, and 4.22.0 and later.
