Hive Pro (hivepro), ID: HIVEPRO:80C42FF5D5747BBC3A131B771C729FC9
Apr 25, 2022 - 12:42 p.m.

Bypass Authentication vulnerability in Atlassian Jira Seraph

2022-04-25 12:42:21
Hive Pro
www.hivepro.com
atlassian
jira
seraph

EPSS

0.228

Percentile

96.5%

THREAT LEVEL: Green.

Atlassian has addressed a vulnerability in its Jira Seraph software, tracked as CVE-2022-0540. An unauthenticated attacker can use it to bypass authentication. A threat actor could exploit the vulnerability by submitting a specially crafted HTTP request to the affected software.

Although the vulnerability exists in Jira's core, it only affects first and third-party apps that define roles-required at the webwork1 action namespace level rather than at the action level. For a given operation to be affected, it must also not perform any further authentication or authorization checks.

This vulnerability has been fixed in Atlassian Jira Server & Data Center versions 8.13.18, 8.20.6 and 8.22.0, and in Atlassian Jira Service Management Server and Data Center versions 4.13.18, 4.20.6 and 4.22.0.

Vulnerability Details

Patch Links
https://www.atlassian.com/software/jira/core/download
https://www.atlassian.com/software/jira/update

References
https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html
https://jira.atlassian.com/browse/JSDSERVER-11224
https://jira.atlassian.com/browse/JRASERVER-73650
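The condition the advisory describes (roles-required set on the webwork1 namespace but not on the individual action) can be checked in an app's plugin descriptor. The following is an added example, not code from Hive Pro or Atlassian; the descriptor layout (webwork1 modules containing action elements with an optional roles-required attribute) is assumed from Jira's plugin module format, and the sample descriptor and the function name audit_descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor for a hypothetical app (not from the advisory).
SAMPLE_DESCRIPTOR = """
<atlassian-plugin key="com.example.app" name="Example App">
  <webwork1 key="ns-only" roles-required="admin">
    <actions>
      <action name="com.example.AdminAction" alias="ExampleAdmin"/>
      <action name="com.example.SafeAction" alias="ExampleSafe"
              roles-required="admin"/>
    </actions>
  </webwork1>
  <webwork1 key="no-roles">
    <actions>
      <action name="com.example.PublicAction" alias="ExamplePublic"/>
    </actions>
  </webwork1>
</atlassian-plugin>
"""


def audit_descriptor(xml_text):
    """Return (module key, action alias) pairs where the only role check is
    a namespace-level roles-required, the pattern the advisory describes."""
    findings = []
    root = ET.fromstring(xml_text.strip())
    for module in root.iter("webwork1"):
        if not module.get("roles-required"):
            # No namespace-level role is declared, so this module does not
            # rely on the namespace-level check in the first place.
            continue
        for action in module.iter("action"):
            if not action.get("roles-required"):
                label = action.get("alias") or action.get("name")
                findings.append((module.get("key"), label))
    return findings


if __name__ == "__main__":
    for key, alias in audit_descriptor(SAMPLE_DESCRIPTOR):
        print(f"review: webwork1 module {key!r}, action {alias!r} "
              "has no action-level roles-required")
```

A flagged action still needs manual review: per the advisory it is affected only if it performs no further authentication or authorization checks of its own.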
