Articles
							
										
						Security Vulnerability – Unauthorized Creation of Connections					
					
Note: Atlassian cloud users have already been updated unless pinned to a certain version. Details of the Vulnerability: On Friday, 14th of January, we discovered a vulnerability in Exalate allowing unauthorized creation of connections. U...
				 
							
										
						Security Vulnerability — You can Access Restricted Project Data with the Connect Operation					
					
In this version of Exalate, you can access data from a restricted project with the Connect operation. How the Vulnerability Works: Let's assume that john.doe is a regular user with no admin access to Jira. Jira has the following setup: An...
				 
							
										
						Security Vulnerability – Anonymous Access to Exalate for Jira Cloud and Exalate for Salesforce					
					
Note: Exalate cloud nodes have already been updated unless pinned to a certain version. Details of the Vulnerability: On Wednesday, October 5, 2022, we discovered a critical vulnerability in Exalate allowing unauthorized access to Exalat...
				 
							
										
						Exalate Response to the Recent Vulnerability CVE-2022-22965					
					
On Friday, April 1, 2022, we were made aware of the vulnerability CVE-2022-22965 in Spring Framework. The result of our investigation is that Exalate is NOT affected by this vulnerability, as Exalate is using Play Framework, which is not bas...
				 
							
										
						Exalate Response to Log4j Vulnerability - CVE-2021-44228					
					
On Saturday, December 10, 2021, we were made aware of the Log4j vulnerability in the Apache logging framework (CVE-2021-44228), (CVE-2021-45046), and (CVE-2021-45105). The results of our investigation are that Exalate is NOT affected by ...
				 
							
										
						Security Vulnerability: Low-Risk Vulnerability in JWT Transmission Through Headers					
					
						
In March 2024, we identified a low-risk vulnerability related to the JWT (JSON Web Token) transmitted through headers. The vulnerability is considered low-risk because its exploitation is unlikely or would have minimal impact due to additional s...
				 
							
										
						System Environment Vulnerability in Jira DC (Pre-Version 10)					
					
						
We identified a potential vulnerability that could allow the exposure of system environment variables on Jira DC nodes. This vulnerability is limited to Jira Data Center (DC) instances running versions below 10 and does not extend to other sys...