Comala Workflows Security Advisory 2016-09-16

Overview

This advisory discloses security vulnerabilities found and fixed in Comala Workflows.

We recommend upgrading Comala Workflows to the latest supported version.

Affected Versions

The vulnerability affects Comala Workflows 4.8 through to 4.13.3.

The 4.13.4 release contains a fix for the issue mentioned below.

XSS Vulnerabilities

Severity

Comalatech rates the severity of these issues as Medium according to the published Atlassian Security Levels.

This is an independent assessment and you should evaluate its applicability to your own IT environment.

Description

We have fixed a reflected cross-site scripting vulnerability in Comala Workflows.

Risk Mitigation

We recommend you upgrade Comala Workflows to 4.13.4 or later.

Acknowledgements

Comalatech would like to thank the KPMG Security Team for reporting this vulnerability.