#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Atlassian Jira | Breaking Cybersecurity News | The Hacker News

Category — Atlassian Jira
Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability

Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability

Feb 03, 2023 Cloud Security / Vulnerability
Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The  vulnerability  is tracked as  CVE-2023-22501  (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity. "An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances," Atlassian  said . "With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into." The tokens, Atlassian noted, can be obtained in either of the two scenarios - If the attacker is included on Ji...
Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability

Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability

Apr 23, 2022
Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as  CVE-2022-0540 , the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph. Khoadha of Viettel Cyber Security has been credited with discovering and reporting the security weakness. "A remote, unauthenticated attacker could exploit this by sending a specially crafted HTTP request to bypass authentication and authorization requirements in WebWork actions using an affected configuration," Atlassian  noted . The flaw affects the following Jira products - Jira Core Server, Jira Software Server and Jira Software Data Center: All versions before 8.13.18, 8.14.x, 8.15.x, 8.16.x, 8.17.x, 8.18.x, 8.19.x, 8.20.x before 8.20.6, and 8.21.x Jira Service Management Server and Jira Service Management Data Cent...
Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats

Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats

Mar 11, 2025Breach Simulation / Penetration Testing
In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security , believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn't equal being secure. As Sun Tzu warned, "Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat." Two and a half millennia later, the concept still holds: your organization's cybersecurity defenses must be strategically validated under real-world conditions to ensure your business's very survival. Today, more than ever, you need Adversarial Exposure Validation (AEV) , the essential strategy that's still missing from most security frameworks. The Danger of False Confidence Conventional wisdom suggests that if you've patched known bugs, deployed a stack of well-regarded security tools, and passed the nec...
Expert Insights / Articles Videos
Cybersecurity Resources