According to its self-reported version number, the Atlassian Jira Service Management application running on the remote host is version 4.14.0 prior to 4.20.6 or 4.21.0 prior to 4.22.6. It is, therefore, affected by a authentication bypass vulnerability in Jira Seraph which may allow remote, unauthenticated attackers via a specially crafted URL to bypass authentication and authorization requirements in WebWork actions using an affected configuration.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Atlassian Jira versions < 8.13.18, 8.14.x, 8.15.x, 8.16.x, 8.17.x, 8.18.x, 8.19.x, 8.20.x < 8.20.6, 8.21.x and Atlassian Jira Service Management versions < 4.13.18, 4.14.x, 4.15.x, 4.16.x, 4.17.x, 4.18.x, 4.19.x, 4.20.x < 4.20.6 and 4.21.x use a common authentication framework named Atlassian Jira Seraph which suffers from an authentication bypass vulnerability.

By crafting a specific HTTP request, a remote and unauthenticated attacker could exploit this vulnerability to bypass authentication and authorization requirements in WebWork actions using an affected configuration. The impact of the vulnerability depends on the applications used in the Jira or Jira Service Management instance and their usage of the Jira Seraph framework.

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is affected by an authentication bypass vulnerability. Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to bypass authentication and authorization requirements in WebWork actions using an affected configuration.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   number.

ID	Name	Product	Family	Published	Updated	Severity
113884	Atlassian Jira Service Management 4.21.0 < 4.22.6 Seraph Authentication Bypass	Web App Scanning	Component Vulnerability	5/3/2023	5/3/2023	critical
113249	Atlassian Jira Seraph Authentication Bypass	Web App Scanning	Component Vulnerability	6/28/2022	6/28/2022	critical
113883	Atlassian Jira Service Management 4.14.0 < 4.20.6 Seraph Authentication Bypass	Web App Scanning	Component Vulnerability	5/3/2023	5/3/2023	critical
160077	Atlassian Jira < 8.13.18 / 8.14.x < 8.20.6 / 8.21.x Authentication Bypass in Seraph (JRASERVER-73650)	Nessus	CGI abuses	4/22/2022	6/5/2024	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical