Bypass Authentication vulnerability in Atlassian Jira Seraph

Threat Level – Amber | Vulnerability Report
Download PDF


For a detailed advisory, download the pdf file here

Atlassian has addressed a vulnerability in its Jira Seraph software, tracked as CVE-2022-0540. An unauthenticated attacker can use to bypass authentication. By submitting a specially crafted HTTP request to the affected software, a threat actor could exploit the vulnerability. Although the vulnerability exists in Jira’s core, it only affects first and third-party apps that define roles-required at the webwork1 action namespace level rather than at the action level. For a given operation to be affected, it must also not complete any further authentication or authorization checks.

This vulnerability has been fixed in Atlassian Jira Server & Data Center versions 8.13.18, 8.20.6 and 8.22.0 and Atlassian Jira Service Management Server and Data Center versions 4.13.18, 4.20.6 and 4.22.0

Vulnerability Details

Patch Links


What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox