Security bulletin

2020-11-16

Some user URLs have been protected against potential CSR that could lead to XSS attacks.

Please upgrade to the 9.7.2 version to resolve this issue

2020-09-11

SQL+JQL Driver app is subscribed to the Atlassian Bug Bounty program and a critical vulnerability has been found running on Windows Servers where it is possible to run local applications.

Please upgrade to the 9.7.0 version to resolve this issue

2020-08-31

Ethical hackers from Russia have been contracted to find vulnerabilities in the app. They have reported a number of vulnerabilities with several severity levels: low, medium, high, and critical.

Ths impact of those vulnerabilities are:

  • Malicious Jira users with no access to the console (untrusted) area able to run SQL queries and perform XSS attacks and read file system archives with CSV format.

  • Malicious anonymous users can read file system archives with CSV format.

Please upgrade to the 9.5.1 version to resolve this issue

2020-07-21

A security threat was detected in 9.4.0 and previous versions allowing a malicious Jira user to perform an XSS attack (Javascript injection). Credits for Ivan Rumak and Alexey Rumak that reported it via https://detectify.com/. Thank you!

Please upgrade to the 9.4.1 or above version to resolve this issue

 

2019-10-16

A security threat was detected in 7.12.x and previous versions allowing a malicious Jira user to perform an XSS attack (Javascript injection).

Please upgrade to the 7.13.0 or above version to resolve this issue