A critical vulnerability in Atlassian’s Jira Service Management Server and Data Center could allow an unauthenticated attacker to impersonate other users and gain remote access to the systems.
Atlassian explains that the security issue affects versions 5.3.0 through 5.5.0 and that hackers can get “Access to a Jira Service Management instance under certain circumstances.”
Tracked as CVE-2023-22501, the vulnerability has a critical severity score of 9.4, as calculated by Atlassian.
Atlassian has released updates that address the issue and advises admins to upgrade to versions 5.3.3, 5.4.2, 5.5.1, and 5.6.0 or later.
Copy the JAR file into the Jira home directory Restart the service.
After applying the available security update or the JAR file workaround, admins can check which accounts changed their passwords and logged in since installing the previous version, which could reveal unauthorized access to the accounts.