About CVE-2022-0540, the Seraph authentication bypass vulnerability

CVE-2022-0540 is an authentication bypass vulnerability in Seraph that has been discovered in Jira and Jira Service Management Server and Data Center. It also affects third party apps that have a certain vulnerable WebWork configuration.

Please read Atlassian’s security advisory about the vulnerability: https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html.


Is Kantega SSO Enterprise affected?

From our investigations, Kantega SSO Enterprise is NOT affected by the third party app variant of the exploit. According to Atlassian’s security advisory, apps are vulnerable only if they are installed on a vulnerable version of the host system and satisfy the following condition:

“third party apps that specify roles-required at the webwork1 action namespace level and do not specify it at an action level.”

Kantega SSO Enterprise does not have a webwork1 configuration in its plugin.xml descriptor, and therefore does not have a vulnerable configuration as a third party app, based on the current knowledge of the exploit. We will stay posted for new updates about the scope of the vulnerability.
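To make the quoted condition concrete, the two plugin.xml shapes are shown below as an added illustration. This is constructed for this page; it is not Kantega’s own descriptor and not code from Atlassian’s advisory. It assumes Atlassian’s webwork1 plugin module format, in which roles-required is accepted on both the <actions> element (the namespace level) and each <action> element, and the action class, alias, module key and template path are hypothetical placeholders.

```xml
<!-- Added illustration, not from the advisory or from Kantega SSO Enterprise.
     Element names follow Atlassian's webwork1 plugin module format (assumed);
     the action class, alias, key and template path are hypothetical. -->

<!-- Shape the advisory describes as vulnerable on an unpatched host:
     roles-required is declared once at the namespace level (<actions>)
     and is NOT repeated on the individual <action> elements. -->
<webwork1 key="example-actions" name="Example Actions" class="java.lang.Object">
  <actions roles-required="admin">
    <action name="com.example.app.AdminReportAction" alias="AdminReport">
      <view name="success">/templates/example/admin-report.vm</view>
    </action>
  </actions>
</webwork1>

<!-- Hardened shape: the same requirement is declared on every <action>,
     so no action depends solely on the namespace-level attribute. -->
<webwork1 key="example-actions" name="Example Actions" class="java.lang.Object">
  <actions roles-required="admin">
    <action name="com.example.app.AdminReportAction" alias="AdminReport"
            roles-required="admin">
      <view name="success">/templates/example/admin-report.vm</view>
    </action>
  </actions>
</webwork1>
```

A quick review check for an app is to grep its plugin.xml for every <action> element inside a <webwork1> module and confirm each one carries its own roles-required attribute; an app with no webwork1 module at all, as stated above for Kantega SSO Enterprise, has nothing to check.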

Note that Kantega SSO submits authentication to the host system’s Seraph authenticator. This means that if your Jira instance is affected, Kantega SSO will likely offer no additional protection against the exploit, and your system will be vulnerable to authentication bypass. We recommend following Atlassian’s advisories and using non-vulnerable versions of Jira and Jira Service Management.

Sources

https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html

https://nvd.nist.gov/vuln/detail/CVE-2022-0540

Changelog

Initial publication: Apr 21, 2022 13:45 CET