Select Page

Request Smuggling – Jira CVE-2022-42252

Jan 24, 2024 | Atlassian, Solving Problems

KithSolvingProblems

Description and Immediate Mitigation Steps

Vulnerability Information:

    • Severity: The critical vulnerability in Atlassian Confluence is classified as “High.”
    • Versions Impacted: 9.4.09.4.19.4.29.4.39.4.49.4.59.4.69.4.79.4.89.4.99.4.109.4.11
    • Vulnerability Type – Request Smuggling:  This vulnerability allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation. It has no impact on confidentiality, a high impact on integrity, no impact on availability, and requires no user interaction.
    • CVE Identifier: The specific vulnerability is tracked as CVE-2022-42252.
    • CVSS Score: Atlassian assigned a  CVSS score of 7.5 to this vulnerability, highlighting its severity. This score is due to the ease with which attackers can gain Jira access due to it being susceptible to exploitation.

Affected Versions:

    • The vulnerability impacts Atlassian Confluence Data Center and Server versions, particularly version 9.4.09.4.19.4.29.4.39.4.49.4.59.4.69.4.79.4.89.4.99.4.109.4.11

Recommended Actions:

    • Jira Software Data Center and Server customers should upgrade to the latest version.
    • If unable to upgrade to the latest fix version for this exposure in 9.4 Jira
      • For Jira Software Data Center and Server 9.4, upgrade to a release greater than or equal to 9.4.12.

Standard Manual Upgrade Steps:

    • Notify users of outage for critical hotfixing
    • Stop services across all nodes
    • Backup existing database and shared home prior to upgrade
    • Make copies of the setenv.sh and server.xml found in the application install directories bin & conf (these hold critical settings we want to propogate again post upgrade
    • Download the hotfix from the Atlassian archives
    • Apply the upgrade, do not auto-start services
    • Copy back the setenv.sh, server.xml, and any other customized files you had to copy during the upgrade process
    • Restart services and perform smoke testing once Confluence is available

 

Conclusion:

The advisory regarding unauthenticated attacker to expose assets in your environment susceptible to exploitation. With a CVSS score of 7.5, this vulnerability poses a significant threat.

It is crucial for users of Jira Software Data Center and Server, especially those on affected versions, to follow Atlassian’s recommendations and upgrade to the specified versions or apply the necessary fixes to mitigate the security risks associated with this vulnerability.

    Here is the notice from the National Vulnerability Database

    Link to Atlassian ticket can be found here. 

    Thanks for visiting, click here to learn more about out our Atlassian Cloud Services!