Security bulletin

2022-08-29

An XSS vulnerability has been fixed.

Please upgrade to version 10.0.2 to resolve this issue.

2022-08-13

An XSS vulnerability has been fixed.

Please upgrade to version 10.0.1 to resolve this issue.

2020-11-16

Some user URLs have been protected against potential CSR that could lead to XSS attacks.

Please upgrade to version 9.7.2 to resolve this issue.

2020-09-11

The SQL+JQL Driver app is enrolled in the Atlassian Bug Bounty program, and a critical vulnerability has been found in installations running on Windows Servers, where it is possible to run local applications.

2020-08-31

Ethical hackers from Russia have been contracted to find vulnerabilities in the app. They have reported a number of vulnerabilities with several severity levels: low, medium, high, and critical.

The impact of those vulnerabilities is:

  • Malicious Jira users with no access to the console (untrusted) area are able to run SQL queries, perform XSS attacks, and read file system archives in CSV format.

  • Malicious anonymous users can read file system archives in CSV format.

2020-07-21

A security threat was detected in 9.4.0 and previous versions allowing a malicious Jira user to perform an XSS attack (JavaScript injection). Credit to Ivan Rumak and Alexey Rumak, who reported it via https://detectify.com/. Thank you!


2019-10-16

A security threat was detected in 7.12.x and previous versions allowing a malicious Jira user to perform an XSS attack (JavaScript injection).