csaf_certbund - wid-sec-w-2025-1111

WID-SEC-W-2025-1111

Vulnerability from csaf_certbund - Published: 2025-05-20 22:00 - Updated: 2025-05-20 22:00

Summary

Atlassian Jira: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Jira ist eine Webanwendung zur Softwareentwicklung.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Atlassian Jira ausnutzen, um seine Privilegien zu erhöhen, und um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Jira ist eine Webanwendung zur Softwareentwicklung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Jira ausnutzen, um seine Privilegien zu erh\u00f6hen, und um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1111 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1111.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1111 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1111"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Advisory vom 2025-05-20",
        "url": "https://jira.atlassian.com/browse/JSWSERVER-26383"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Advisory vom 2025-05-20",
        "url": "https://jira.atlassian.com/browse/JRASERVER-78766"
      }
    ],
    "source_lang": "en-US",
    "title": "Atlassian Jira: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-05-20T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-21T09:49:08.476+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1111",
      "initial_release_date": "2025-05-20T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-20T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.12.20",
                "product": {
                  "name": "Atlassian Jira \u003c9.12.20",
                  "product_id": "T044039"
                }
              },
              {
                "category": "product_version",
                "name": "9.12.20",
                "product": {
                  "name": "Atlassian Jira 9.12.20",
                  "product_id": "T044039-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:9.12.20"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.5.1",
                "product": {
                  "name": "Atlassian Jira \u003c10.5.1",
                  "product_id": "T044041"
                }
              },
              {
                "category": "product_version",
                "name": "10.5.1",
                "product": {
                  "name": "Atlassian Jira 10.5.1",
                  "product_id": "T044041-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:10.5.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.12.22",
                "product": {
                  "name": "Atlassian Jira \u003c9.12.22",
                  "product_id": "T044042"
                }
              },
              {
                "category": "product_version",
                "name": "9.12.22",
                "product": {
                  "name": "Atlassian Jira 9.12.22",
                  "product_id": "T044042-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:9.12.22"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.6.0",
                "product": {
                  "name": "Atlassian Jira \u003c10.6.0",
                  "product_id": "T044043"
                }
              },
              {
                "category": "product_version",
                "name": "10.6.0",
                "product": {
                  "name": "Atlassian Jira 10.6.0",
                  "product_id": "T044043-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:10.6.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.3.5",
                "product": {
                  "name": "Atlassian Jira \u003c10.3.5",
                  "product_id": "T044044"
                }
              },
              {
                "category": "product_version",
                "name": "10.3.5",
                "product": {
                  "name": "Atlassian Jira 10.3.5",
                  "product_id": "T044044-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:10.3.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jira"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-22157",
      "product_status": {
        "known_affected": [
          "T044039",
          "T044041",
          "T044043",
          "T044042",
          "T044044"
        ]
      },
      "release_date": "2025-05-20T22:00:00.000+00:00",
      "title": "CVE-2025-22157"
    },
    {
      "cve": "CVE-2025-24970",
      "product_status": {
        "known_affected": [
          "T044039",
          "T044041",
          "T044043",
          "T044042",
          "T044044"
        ]
      },
      "release_date": "2025-05-20T22:00:00.000+00:00",
      "title": "CVE-2025-24970"
    }
  ]
}

CVE-2025-22157 (GCVE-0-2025-22157)

Vulnerability from cvelistv5 – Published: 2025-05-20 18:00 – Updated: 2025-05-21 03:55

Summary

This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user. Atlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20 Jira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20 Jira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5 Jira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5 Jira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0 Jira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0 Jira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1 Jira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1 See the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center. This vulnerability was reported via our Atlassian (Internal) program.

Severity ?

7.2 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

PrivEsc (Privilege Escalation)

Assigner

atlassian

References

URL

Tags

	https://confluence.atlassian.com/pages/viewpage.a…
	https://jira.atlassian.com/browse/JRASERVER-78766
	https://jira.atlassian.com/browse/JSDSERVER-16206

Impacted products

Vendor

Product

Version

Atlassian

Jira Core Data Center

Affected: 10.5.0
Affected: 10.4.0 to 10.4.1
Affected: 10.3.0 to 10.3.4
Affected: 9.12.0 to 9.12.19
Unaffected: 10.6.0
Unaffected: 10.5.1
Unaffected: 10.3.5 to 10.3.6
Unaffected: 9.12.22 to 9.12.23

Atlassian	Jira Core Server	Affected: 9.12.0 to 9.12.19 Unaffected: 9.12.22 to 9.12.23
Atlassian	Jira Service Management Data Center	Affected: 10.5.0 Affected: 10.4.0 to 10.4.1 Affected: 10.3.0 to 10.3.4 Affected: 5.12.0 to 5.12.19 Unaffected: 10.6.0 Unaffected: 10.5.1 Unaffected: 10.3.5 to 10.3.6 Unaffected: 5.12.22 to 5.12.23
Atlassian	Jira Service Management Server	Affected: 5.12.0 to 5.12.19 Unaffected: 5.12.22 to 5.12.23

Credits

Internal (Atlassian)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22157",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-21T03:55:32.132Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jira Core Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "affected",
              "version": "10.5.0"
            },
            {
              "status": "affected",
              "version": "10.4.0 to 10.4.1"
            },
            {
              "status": "affected",
              "version": "10.3.0 to 10.3.4"
            },
            {
              "status": "affected",
              "version": "9.12.0 to 9.12.19"
            },
            {
              "status": "unaffected",
              "version": "10.6.0"
            },
            {
              "status": "unaffected",
              "version": "10.5.1"
            },
            {
              "status": "unaffected",
              "version": "10.3.5 to 10.3.6"
            },
            {
              "status": "unaffected",
              "version": "9.12.22 to 9.12.23"
            }
          ]
        },
        {
          "product": "Jira Core Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "affected",
              "version": "9.12.0 to 9.12.19"
            },
            {
              "status": "unaffected",
              "version": "9.12.22 to 9.12.23"
            }
          ]
        },
        {
          "product": "Jira Service Management Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "affected",
              "version": "10.5.0"
            },
            {
              "status": "affected",
              "version": "10.4.0 to 10.4.1"
            },
            {
              "status": "affected",
              "version": "10.3.0 to 10.3.4"
            },
            {
              "status": "affected",
              "version": "5.12.0 to 5.12.19"
            },
            {
              "status": "unaffected",
              "version": "10.6.0"
            },
            {
              "status": "unaffected",
              "version": "10.5.1"
            },
            {
              "status": "unaffected",
              "version": "10.3.5 to 10.3.6"
            },
            {
              "status": "unaffected",
              "version": "5.12.22 to 5.12.23"
            }
          ]
        },
        {
          "product": "Jira Service Management Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "affected",
              "version": "5.12.0 to 5.12.19"
            },
            {
              "status": "unaffected",
              "version": "5.12.22 to 5.12.23"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_core:10.5.0:*:*:*:data_center:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                  "versionEndIncluding": "10.4.1",
                  "versionStartIncluding": "10.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                  "versionEndIncluding": "10.3.4",
                  "versionStartIncluding": "10.3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                  "versionEndIncluding": "9.12.19",
                  "versionStartIncluding": "9.12.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_core:10.6.0:*:*:*:data_center:*:*:*",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_core:10.5.1:*:*:*:data_center:*:*:*",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                  "versionEndIncluding": "10.3.6",
                  "versionStartIncluding": "10.3.5",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:data_center:*:*:*",
                  "versionEndIncluding": "9.12.23",
                  "versionStartIncluding": "9.12.22",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:server:*:*:*",
                  "versionEndIncluding": "9.12.19",
                  "versionStartIncluding": "9.12.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_core:*:*:*:*:server:*:*:*",
                  "versionEndIncluding": "9.12.23",
                  "versionStartIncluding": "9.12.22",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_service_management:10.5.0:*:*:*:data_center:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                  "versionEndIncluding": "10.4.1",
                  "versionStartIncluding": "10.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                  "versionEndIncluding": "10.3.4",
                  "versionStartIncluding": "10.3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                  "versionEndIncluding": "5.12.19",
                  "versionStartIncluding": "5.12.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_service_management:10.6.0:*:*:*:data_center:*:*:*",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_service_management:10.5.1:*:*:*:data_center:*:*:*",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                  "versionEndIncluding": "10.3.6",
                  "versionStartIncluding": "10.3.5",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                  "versionEndIncluding": "5.12.23",
                  "versionStartIncluding": "5.12.22",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
                  "versionEndIncluding": "5.12.19",
                  "versionStartIncluding": "5.12.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
                  "versionEndIncluding": "5.12.23",
                  "versionStartIncluding": "5.12.22",
                  "vulnerable": false
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Internal (Atlassian)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions:\n\n9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server\n\n5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server\n\nThis PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user. \n\nAtlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\n\nJira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20\n\nJira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20\n\nJira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5\n\nJira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5\n\nJira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0\n\nJira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0\n\nJira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1\n\nJira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1\n\nSee the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center. \n\nThis vulnerability was reported via our Atlassian (Internal) program."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "PrivEsc (Privilege Escalation)",
              "lang": "en",
              "type": "PrivEsc (Privilege Escalation)"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-20T18:00:01.328Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1561365992"
        },
        {
          "url": "https://jira.atlassian.com/browse/JRASERVER-78766"
        },
        {
          "url": "https://jira.atlassian.com/browse/JSDSERVER-16206"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2025-22157",
    "datePublished": "2025-05-20T18:00:01.328Z",
    "dateReserved": "2025-01-01T00:01:27.175Z",
    "dateUpdated": "2025-05-21T03:55:32.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24970 (GCVE-0-2025-24970)

Vulnerability from cvelistv5 – Published: 2025-02-10 21:57 – Updated: 2025-04-16 15:37

Summary

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	netty	netty	Affected: >= 4.1.91.Final, <= 4.1.117.Final

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-1111

CVE-2025-22157 (GCVE-0-2025-22157)

CVE-2025-24970 (GCVE-0-2025-24970)

Tags

Sightings

Nomenclature