Articles
Security Vulnerability – Unauthorized Creation of Connections
Note : Atlassian cloud users have already been updated unless pinned to a certain version. Details of the Vulnerability On Friday,14th of January - We discovered a vulnerability in Exalate allowing unauthorized creation of connections. U...
Security Vulnerability — You can Access Restricted Project Data with the Connect Operation
In this version of Exalate, you can access data from a restricted project with the Connect operation. How the Vulnerability Works Let's assume that john.doe is a regular user with no admin access to Jira. Jira has the follow...
Security Vulnerability – Anonymous Access to Exalate for Jira Cloud and Exalate for Salesforce
Note : Exalate cloud nodes have already been updated unless pinned to a certain version. Details of the Vulnerability On Wednesday, October 5, 2022 – we discovered a critical vulnerability in Exalate allowing unauthorized acces...
Exalate Response to the Recent Vulnerability CVE-2022-22965
On Friday, April 1, 2022 - we were made aware of the Vulnerability CVE-2022-22965 in Spring Framework . The results of our investigation is that Exalate is NOT affected by this vulnerability as Exalate is using Play Framework which is not bas...
Exalate Response to Log4j Vulnerability - CVE-2021-44228
On Saturday, December 10, 2021 - we were made aware of the Log4j vulnerability in the apache logging framework ( CVE-2021-44228 ), ( CVE-2021-45046 ), and ( CVE-2021-45105 ). The results of our investigation are that Exalate is NOT affected by ...