Security Vulnerabilities

Articles

Security Vulnerability – Unauthorized Creation of Connections
Note: Atlassian cloud users have already been updated unless pinned to a certain version. Details of the Vulnerability: On Friday, 14th of January, we discovered a vulnerability in Exalate allowing unauthorized creation of connections. U...
Security Vulnerability — You can Access Restricted Project Data with the Connect Operation
In this version of Exalate, you can access data from a restricted project with the Connect operation. How the Vulnerability Works: Let's assume that john.doe is a regular user with no admin access to Jira. Jira has the following setup An...
Security Vulnerability – Anonymous Access to Exalate for Jira Cloud and Exalate for Salesforce
Note: Exalate cloud nodes have already been updated unless pinned to a certain version. Details of the Vulnerability: On Wednesday, October 5, 2022, we discovered a critical vulnerability in Exalate allowing unauthorized access to Exalat...
Exalate Response to the Recent Vulnerability CVE-2022-22965
On Friday, April 1, 2022, we were made aware of the vulnerability CVE-2022-22965 in Spring Framework. The result of our investigation is that Exalate is NOT affected by this vulnerability as Exalate is using Play Framework which is not bas...
Exalate Response to Log4j Vulnerability - CVE-2021-44228
On Saturday, December 10, 2021, we were made aware of the Log4j vulnerability in the Apache logging framework (CVE-2021-44228), (CVE-2021-45046), and (CVE-2021-45105). The results of our investigation are that Exalate is NOT affected by ...
Security Vulnerability: Low-Risk Vulnerability in JWT Transmission Through Headers
In March 2024, we identified a low-risk vulnerability related to the JWT (JSON web token) transmitted through headers. The vulnerability is considered low-risk because its exploitation is unlikely or would have minimal impact due to additional s...