Jira Seraph Authentication Bypass (CVE-2022-0540)
Description
Jira Server and Data Center contain an authentication bypass vulnerability in Seraph, the web authentication framework Atlassian uses to protect Jira's servlets and WebWork actions (CVE-2022-0540, rated critical by Atlassian). A remote, unauthenticated attacker can bypass authentication by sending a specially crafted HTTP request and reach affected endpoints without valid credentials. The flaw is not in credential handling itself: it lets a request through to WebWork actions whose access requirements are enforced by Seraph, so the practical exposure of an instance depends on which first-party and third-party apps are installed. Atlassian named the bundled Insight - Asset Management and Mobile Plugin for Jira apps as affected; other apps that rely on the same Seraph configuration may be affected as well. Jira Service Management Server and Data Center share the Seraph framework and are affected too.
Remediation
Immediately upgrade to a patched version of Jira on your current release branch. The fixed versions for Jira Core and Jira Software Server and Data Center are 8.13.18, 8.20.6 and 8.22.0:
• Jira before 8.13.18 (including 8.13.x): Upgrade to 8.13.18 or later
• Jira 8.14.x - 8.19.x: Upgrade to 8.20.6 or later
• Jira 8.20.x before 8.20.6: Upgrade to 8.20.6 or later
• Jira 8.21.x: Upgrade to 8.22.0 or later
• Jira 8.22.0 and later: Not affected
Jira Service Management Server and Data Center follow the same pattern: versions before 4.13.18, 4.14.0 through 4.20.5, and 4.21.x are affected; upgrade to 4.13.18, 4.20.6 or 4.22.0 respectively.
If immediate patching is not possible, restrict network access to Jira to trusted IP addresses, and review access logs for requests that reached protected endpoints without an authenticated user. Atlassian's advisory also describes app-level workarounds (updating the affected bundled apps to fixed versions) for instances that cannot be upgraded at once. Consult the official Atlassian security advisory for the exact app versions, complete version-specific guidance and additional mitigation steps.
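As an added example (not Atlassian's code and not part of the original advisory), the following Python script encodes the fixed-version boundaries above and classifies a version string, or the JSON body returned by Jira's /rest/api/2/serverInfo endpoint, as affected or not. The endpoint name is real; the sample response in the block is constructed, and the product selector values "jira" and "jsm" are this script's own convention.

```python
"""Classify a Jira Server/Data Center version against the CVE-2022-0540
fixed versions. Added example, not Atlassian code.

Ranges follow the Atlassian advisory / NVD entry:
  Jira Core/Software Server & DC     : <8.13.18, 8.14.0-<8.20.6, 8.21.0-<8.22.0
  Jira Service Management Server & DC: <4.13.18, 4.14.0-<4.20.6, 4.21.0-<4.22.0
"""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Per product: list of (first affected version, first fixed version).
# A version v is affected when first_affected <= v < first_fixed.
AFFECTED_RANGES = {
    "jira": [((0, 0, 0), (8, 13, 18)), ((8, 14, 0), (8, 20, 6)), ((8, 21, 0), (8, 22, 0))],
    "jsm":  [((0, 0, 0), (4, 13, 18)), ((4, 14, 0), (4, 20, 6)), ((4, 21, 0), (4, 22, 0))],
}

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?\s*$")


def parse_version(text: str) -> Version:
    """Parse '8.20.5', '8.22' or '8.13.18-beta1' into a comparable tuple.
    Pre-release / build suffixes are ignored for the range comparison."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Jira version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def fixed_version_for(product: str, version: str) -> Optional[str]:
    """Return the first fixed version on the host's release branch if
    `version` is affected, or None if it already carries the fix."""
    v = parse_version(version)
    for first_affected, first_fixed in AFFECTED_RANGES[product]:
        if first_affected <= v < first_fixed:
            return ".".join(map(str, first_fixed))
    return None


def assess_server_info(body: str, product: str = "jira") -> dict:
    """Assess the JSON returned by Jira's /rest/api/2/serverInfo endpoint,
    which reports the Jira platform version. JSM's own version is not
    exposed there, so pass product='jsm' together with the JSM version
    obtained from the administration UI instead."""
    info = json.loads(body)
    version = info["version"]
    fixed = fixed_version_for(product, version)
    return {
        "version": version,
        "deployment": info.get("deploymentType", "unknown"),
        "affected": fixed is not None,
        "upgrade_to": fixed,
    }


if __name__ == "__main__":
    # Constructed sample, shaped like a /rest/api/2/serverInfo response.
    sample = json.dumps({"baseUrl": "https://jira.example.internal",
                         "version": "8.20.5", "deploymentType": "Server"})
    print(assess_server_info(sample))
    for v in ("8.13.17", "8.13.18", "8.19.1", "8.20.6", "8.21.0", "8.22.0", "9.0.0"):
        print(v, "->", fixed_version_for("jira", v) or "not affected")
```

Feature releases between LTS lines (8.14 through 8.19, 8.21) received no backported fix, which is why the script points them at the next fixed version rather than a patch on their own branch.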