Comala Document Management Security Advisory 2020-10-14
This advisory discloses a security vulnerability found and fixed in Comala Document Management. We recommend upgrading Comala Document Management to the latest supported version.
Affected Versions
The vulnerability affects Comala Document Management 6.10.0 through 6.12.2.
The 6.12.3 release contains a fix for the issue mentioned below.
Versions prior to 6.10.0 are not affected.
SQL Injection Vulnerability
Severity
Comalatech rates the severity of this issue as High according to the published Atlassian Security Levels. We have ranked the vulnerability as High because:
- The vulnerability is difficult to exploit: Confluence Administrator privileges are required.
- Exploitation could result in a significant data loss or downtime.
This is an independent assessment and you should evaluate its applicability to your own IT environment.
Description
We have fixed a SQL Injection vulnerability in Comala Document Management. The vulnerability could allow a privileged user to have full access to the Confluence database.
Risk Mitigation
Sites running Comala Document Management 6.10.0-6.12.2 are recommended to upgrade to Comala Document Management 6.12.3.
If upgrading immediately is not possible, you can limit the number of users who are able to exploit the vulnerability by restricting Confluence Administrator privileges to trusted users.