CVE-2022-0540 - An authentication bypass in Seraph has been discovered in Jira and Jira Service Management Server and Data Center; it also affects third party apps that have a certain vulnerable WebWork configuration.
Please read Atlassian’s security advisory about the vulnerability: https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html.
Is Kantega SSO Enterprise affected?
From our investigations, Kantega SSO Enterprise is NOT affected by the exploit against third party apps. According to Atlassian’s security advisory, the affected apps are:
“third party apps that specify roles-required at the webwork1 action namespace level and do not specify it at an action level.”
Kantega SSO Enterprise does not have a webwork1 configuration in its plugin.xml descriptor, and therefore does not have a vulnerable configuration as a third party app, based on current knowledge of the exploit. We will continue to monitor updates about the vulnerability’s scope.
However, Kantega SSO submits authentication to the host system’s Seraph authenticator. This means that if your Jira instance is affected, Kantega SSO offers no additional protection and your system is vulnerable to authentication bypass. We recommend following Atlassian’s advisories and upgrading to non-vulnerable versions of Jira and Jira Service Management.
Changelog
Initial publication 13:45 CET