2022-01-14 Medium Severity Vulnerability in User Impersonation and Shared Dashboards
Summary | Medium Severity Vulnerability in User Impersonation and Shared Dashboards |
---|---|
Advisory Date | Jan 14, 2022 |
Products | |
Affected versions |
|
Not Impacted |
|
Updated versions |
|
CVSS Score: Base Score | 5.3 |
Summary of Vulnerability
This advisory discloses a medium-severity information disclosure vulnerability affecting our suite of Custom Charts products.
Fixes to the Cloud versions of our plugin have already been released and all instances are upgraded. For Server and Data Center, upgrade your installations immediately to fix this vulnerability.
Description
This vulnerability impacts:
Custom Charts macros in Confluence that use the User Impersonation feature (Cloud, Server, and Data Center)
Custom Charts Shared Dashboards on Jira Cloud only
In the above cases, it is possible, under certain conditions, for attackers to gain access to some system field data and all custom field data of issues in the context of the impersonated user or the Shared Dashboard owner. This can lead to information disclosure.
What you need to do
| Cloud | Server/Data Center |
---|---|---|
Custom Charts for Jira | No action is required, the latest changes have been deployed to Cloud. | N/A - Not impacted |
Custom Charts for Confluence | No action is required, the latest changes have been deployed to Cloud. | Update Custom Charts to the latest version (4.6.19). |
Support
If you have questions or concerns regarding this advisory, please raise a support request via our Support Portal.