CVE-2023-22501

🗓️ 01 Feb 2023 18:00:36Reported by atlassianType

An authentication vulnerability in Jira Service Management Server and Data Center allows attacker to impersonate another user and gain access to instance under certain circumstances

Reporter	Title	Published	Views	Family All 22
Circl	CVE-2023-22501	1 Feb 202322:14	–	circl
CNNVD	Atlassian JIRA Data Center 授权问题漏洞	1 Feb 202300:00	–	cnnvd
Cvelist	CVE-2023-22501	1 Feb 202318:00	–	cvelist
EUVD	EUVD-2023-26641	3 Oct 202520:07	–	euvd
Tenable Nessus	Atlassian JIRA Service Desk 5.3.x < 5.3.3 / 5.4.x < 5.4.2 / 5.5.x < 5.5.1 Impersonation (JSDSERVER-12312)	3 Feb 202300:00	–	nessus
Tenable Nessus	Atlassian Jira Service Management 5.3.0 < 5.3.3 Critical Authentication Vulnerability	3 May 202300:00	–	nessus
Tenable Nessus	Atlassian Jira Service Management 5.4.0 < 5.4.2 Critical Authentication Vulnerability	3 May 202300:00	–	nessus
Tenable Nessus	Atlassian Jira Service Management 5.5.0 < 5.3.3 Critical Authentication Vulnerability	3 May 202300:00	–	nessus
Atlassian	Critical severity authentication vulnerability - CVE-2023-22501	12 Jan 202322:45	–	atlassian
Malwarebytes	Update now! February's Patch Tuesday tackles three zero-days	15 Feb 202303:00	–	malwarebytes

NVD

Node

atlassian jira_service_managementRange5.3.0–5.3.3data_center

atlassian jira_service_managementRange5.3.0–5.3.3server

atlassian jira_service_managementRange5.4.0–5.4.2data_center

atlassian jira_service_managementRange5.4.0–5.4.2server

atlassian jira_service_managementMatch5.5.0data_center

atlassian jira_service_managementMatch5.5.0server

[
  {
    "vendor": "Atlassian",
    "product": "Jira Service Management Data Center",
    "versions": [
      {
        "version": "before 5.3.0",
        "status": "unaffected"
      },
      {
        "version": "before 5.3.3",
        "status": "affected"
      },
      {
        "version": "before 5.4.2",
        "status": "affected"
      },
      {
        "version": "before 5.5.1",
        "status": "affected"
      },
      {
        "version": "before 5.6.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Atlassian",
    "product": "Jira Service Management Server",
    "versions": [
      {
        "version": "before 5.3.0",
        "status": "unaffected"
      },
      {
        "version": "before 5.3.3",
        "status": "affected"
      },
      {
        "version": "before 5.4.2",
        "status": "affected"
      },
      {
        "version": "before 5.5.1",
        "status": "affected"
      },
      {
        "version": "before 5.6.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
jira	www.jira.atlassian.com/browse/JSDSERVER-12312

21 Nov 2024 07:44Current

9.6High risk

Vulners AI Score9.6

CVSS 3.19.1

CVSS 39.4

EPSS0.0236

SSVC

CWE-287