Comala Boards Security Advisory 2020-11-12


This advisory discloses a security vulnerability found and fixed in Comala Boards. We recommend upgrading Comala Boards to the latest supported version.

Affected Versions

The vulnerability affects Comala Boards 2.3.3 and lower versions.

The 2.3.4 release contains a fix for the issue mentioned below.

Cross-Site Request Forgery Vulnerability

Severity

Comalatech rates the severity of this issue as Medium according to the published Atlassian Security Levels. We have ranked the vulnerability as medium because:

  • It is a Cross-Site Request Forgery (CSRF) vulnerability affecting only Comala Boards-related actions.

This is an independent assessment and you should evaluate its applicability to your own IT environment.

Description

Authenticated users with enough permissions to perform certain Comala Boards actions could be tricked into performing them unintentionally.

Risk Mitigation

Sites running Comala Boards 2.3.3 or lower are recommended to upgrade to Comala Boards 2.3.4.

