A critical vulnerability in Atlassian's Jira Service Management Server and Data Center could allow an unauthenticated attacker to impersonate other users and gain remote access to the systems.
Tracked as CVE-2023-22501, the vulnerability has a critical severity score of 9.4, as calculated by Atlassian. It could be used to target bot accounts in particular, due to their frequent interactions with other users and their increased likelihood to be included in Jira issues or requests or receiving emails with a “View Request” link - either condition being necessary for acquiring signup tokens.
