Atlassian Patches Critical Vulnerability in Jira Data Center Products
On Wednesday, Atlassian, a provider of software development and collaboration solutions, informed its customers that it had patched a critical code execution vulnerability affecting some of its Jira products. Atlassian stated that the issue was discovered by one of its security researchers, who found that the Jira Data Center, Core Center, and Jira Service Management Data Center software development products were affected by a critical flaw caused by missing authentication.
According to the researcher, an attacker who can connect to the Ehcache service on port 40001 or 40011 would be able to execute arbitrary code in Jira through deserialization. Atlassian recommends restricting access to the Ehcache ports to Data Center instances only. Fixed versions of Jira now require a shared secret to access this service, Atlassian said in its latest security advisory. Atlassian advised its customers to apply the patch immediately to avoid the risk of attack.
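The port restriction Atlassian recommends, as an added example (not code from Atlassian or from this article): it builds iptables rules that accept the two ports only from cluster nodes, and checks from a host outside the cluster that the ports no longer answer. The node addresses are constructed samples, and the use of a Linux host firewall with rules appended to the INPUT chain is an assumption.

```python
import ipaddress
import socket

# Ehcache ports named in the article.
EHCACHE_PORTS = (40001, 40011)


def build_rules(cluster_nodes, ports=EHCACHE_PORTS):
    """Return iptables commands that accept the Ehcache ports only from
    the given cluster node IPv4 addresses and drop all other sources."""
    # Validate and de-duplicate; IPv4Address raises ValueError on bad input.
    nodes = sorted({ipaddress.IPv4Address(n) for n in cluster_nodes})
    rules = []
    for port in ports:
        for node in nodes:
            rules.append(
                f"iptables -A INPUT -p tcp -s {node} --dport {port} -j ACCEPT")
        # Last rule per port: traffic not accepted above is dropped.
        # Assumption: no earlier, broader ACCEPT rule already matches it.
        rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules


def exposed_ports(host, ports=EHCACHE_PORTS, timeout=2.0):
    """Return the ports on host that complete a TCP handshake from here.
    Run this from a machine that is NOT a cluster node: once the
    restriction is in place the expected result is an empty list."""
    reachable = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                reachable.append(port)
    return reachable


if __name__ == "__main__":
    # Constructed sample node addresses (RFC 5737 documentation range).
    for rule in build_rules(["192.0.2.11", "192.0.2.12"]):
        print(rule)
```

The firewall rule only narrows who can reach the service; the fixed Jira versions with the shared secret are still the actual remedy.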