A critical vulnerability was fixed this week in Jira Service Management Server, a popular IT services management platform for enterprises, that could allow attackers to impersonate users and obtain access tokens. If the system is configured to allow public sign-up, external customers can be affected as well.
The bug was introduced in Jira Service Management Server and Data Center 5.3.0, so versions 5.3.0 to 5.3.1 and 5.4.0 to 5.5.0 are affected. Atlassian has released fixed versions of the software but has also provided a workaround that involves updating a single JAR file in impacted deployments. Atlassian Cloud instances are not vulnerable.