Comala Document Management Security Advisory 2022-08-04

This advisory discloses a security vulnerability identified and fixed in Comala Document Management.  We recommend upgrading Comala Document Management to the latest supported version.

Affected Versions

The vulnerability affects all the Comala Document Management versions up to 6.16.15.

Comala Document Management v6.16.16 release contains a fix for the issues mentioned below.

Vulnerabilities

Severity

Comalatech rates the severity of these issues as High according to the published Atlassian Security Levels.

We have ranked the vulnerability as High because: 

  • registered and anonymous users can perform unauthorized actions that will result in significant data loss

This is an independent assessment and you should evaluate its applicability to your own IT environment.

Description

We have fixed the vulnerability that allowed some users to undertake unauthorized actions.

Risk Mitigation

We recommend that all users upgrade Comala Document Management to at least v6.16.16.