Boja Consulting

Issue Export to Documents - Security Issue Page

Atlassian notifed us on two security Issues 5 May 2021 with both fixed 8 May 2021

  1. The first was caused by a security weekness in a framework provided by Atlassian (more info here). The impact to the solution was a corner case where Jira anonymous users could extract a Issue PDF although not having access. Please note that default is NOT to allow anonymous users so Jira had to be explicite configured to enable this use case.

  2. The second one was that a user could extract some solution paramters by handlebars Injection in a PDF template. However no impact to user data.

©2016-2021 Boja Consulting AB - Maximize the value of Jira