Vulnerabilities for Connect spring boot (...) - CXSECURITY.COM

Vulnerabilities for 'Connect spring boot'

2021-04-16

CVE-2021-26074

CWE-863

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions between 1.1.0 - 2.1.2 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.

>>> Vendor: Atlassian 44 Products

Jira service desk

Jira integration for hipchat

Bitbucket auto unapprove plugin

Bitbucket server

Floodlight controller

Application links

Universal plugin manager

Jira service desk server

Troubleshooting and support

Saml single sign on

Subversion application lifecycle management

Jira software data center

Navigator links

Alfresco enterprise content management

Connect express

Connect spring boot

Jira server and data center

Jira service management

Confluence data center

Confluence server

Bitbucket data center

Jira data center

Assets discovery data server

Assets discovery data center

Assets discovery cloud

Copyright 2024, cxsecurity.com