CVE-2023-22501 - Broken Authentication vulnerability

Roman Treynker February 1, 2023

The notification of the Broken Authentication vulnerability went out saying the following versions 5.3.0 to 5.3.1 and 5.4.0 to 5.5.0 are affected by this vulnerability.

Are older versions affected? We're still on 4.22.6.

3 answers

1 accepted

2 votes
Answer accepted
Benjamin S
Atlassian Team
February 1, 2023

Hi @Roman Treynker

Welcome to the Atlassian Community! As specified in the Security Advisory, no Jira Service Management (JSM) 4.x.x versions are affected by the vulnerability. For all affected 5.x.x versions, new bugfix releases have been published.

A slight correction to @Tommy Augustine's comment: JSM 4.22.x will reach its End of Life date on February 16, 2024 – right around the same time as the Jira Server end of support.

Cheers,
Ben

Tommy Augustine February 2, 2023

Thanks, Ben! That's a less stressful answer to an admin now lol

2 votes
Tommy Augustine February 1, 2023

I'm going to say "No", it's not. My logic for this answer is that 4.22 is not yet End Of Life for another year (February 16, 2024), and because it is not EOL yet, Atlassian would still report the version as affected in their open ticket.

Edit: Corrected EOL Date (Thanks Ben!)

1 vote
Roman Treynker February 2, 2023

Thank you, both!

DEPLOYMENT TYPE
SERVER
VERSION
4.22.6