This advisory discloses a security vulnerability found and fixed in Comala Boards. We recommend upgrading Comala Boards to the latest supported version.

Affected Versions

The vulnerability affects Comala Boards 2.3.3 and lower versions. The 2.3.4 release contains a fix for the issue mentioned below.

Cross-Site Request Forgery Vulnerability

Severity

We rate the severity of these issues as Medium according to the published Atlassian Security Levels.

We have ranked the vulnerability as Medium because:

  • Cross-Site Request Forgery (CSRF) vulnerability affecting only Comala Boards-related actions

This is an independent assessment and you should evaluate its applicability to your IT environment.

Description

Authenticated users with sufficient permissions to perform certain Comala Boards actions could be tricked into performing them unintentionally.

Risk Mitigation

Sites running Comala Boards 2.3.3 or lower are recommended to upgrade to Comala Boards 2.3.4.