Critical Vulnerability in Atlassian's Jira Service Management Server
6 February 2023
Atlassian has released security updates to address a critical vulnerability (CVE-2023-22501) in their Jira Service Management Server and Data Centre.
Successful exploitation of the vulnerability could allow an attacker to impersonate other users and gain remote access to the systems.
The vulnerability affects Jira Service Management Server and Data Centre versions 5.3.0 to 5.3.1 and 5.4.0 to 5.5.0.
Users and administrators of affected product versions are advised to update to the latest version immediately. If immediate updating is not possible, users and administrators are advised to manually update the version-specific servicedesk-variable-substitution-plugin JAR file as a temporary workaround.
More information is available here:
https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-2023-02-01-1188786458.html
https://www.bleepingcomputer.com/news/security/atlassian-warns-of-critical-jira-service-management-auth-flaw/
https://nvd.nist.gov/vuln/detail/CVE-2023-22501