Atlassian fixes critical Jira application authentication bypass vulnerability
Atlassian has published a security advisory for its Jira and Jira Service Management products, which are affected by a critical authentication bypass vulnerability in Seraph, the company's web application security framework. The flaw is tracked as CVE-2022-0540 and carries a CVSS severity rating of 9.9. It allows a remote attacker to bypass authentication by sending a specially crafted HTTP request to vulnerable endpoints. The security updates are included in Jira Core Server, Jira Software Server, and Jira Software Data Center versions 8.13.18, 8.20.6, and 8.22.0. For Jira Service Management, the fixed versions are 4.13.18, 4.20.6, and 4.22.0.
Source: atlassian.com
25 April 2022