An Authentication Vulnerability Discovered in Jira Service Management Server and Data Center
Vulnerability Report
Summary
A security vulnerability was found in Jira Service Management Server and Data Center (versions 5.3.0 to 5.5.0) that allows an attacker to access a Jira Service Management instance by impersonating another user. The vulnerability is present when the attacker has write access to a User Directory and outgoing email is enabled. Bot accounts and external customer accounts are particularly vulnerable.