Atlassian patches Jira server plugin to fix vulnerability

By

Possible credential leak.

Atlassian is warning users of a high-severity security vulnerability in a Jira server plug-in, which could lead to credentials leaking.

Atlassian patches Jira server plugin to fix vulnerability

The Mobile Plugin for Jira Data Centre and Server is used to support users accessing the server from iOS and Android apps.

The company’s advisory says Jira Server and Data Center versions before 8.13.22; from version 8.14.0 before 8.20.10; and from version 8.21.0 before 8.22.4 are affected by this vulnerability.

Also impacted are Jira Service Management Server and Data Center versions before 4.13.22; from version 4.14.0 before 4.20.10; and from version 4.21.0 before 4.22.4.

Cloud sites accessed through an atlassian.net domain are not affected.

Tracked as CVE-2022-26135, the bug is described as a “full-read server-side request forgery”.

While it can only be exploited by an authenticated user, that includes someone who “joined via the sign-up feature”, the advisory explained.

“It specifically affects the batch HTTP endpoint used in Mobile Plugin for Jira. It is possible to control the HTTP method and location of the intended URL through the method parameter in the body of the vulnerable endpoint.”

The bug’s impact is specific to the deployment environment, Atlassian said, but as an example, the company said “when deployed in AWS, it could leak sensitive credentials.”

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?