N/A

Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions 1.1.0 before 2.1.3 and versions 2.1.4 before 2.1.5 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.

N/A

N/A

Atlassian Connect Spring Boot 授权问题漏洞

Atlassian Connect Spring Boot是澳大利亚Atlassian公司的一个应用组件。提供一个Spring Boot入门程序，用于为JIRA（软件，服务台和核心）和Confluence构建Atlassian Connect附加组件。 Atlassian Connect Spring Boot 存在安全漏洞。该漏洞源于程序错误地接受生命周期终结点（例如安装）中的上下文JWT，从而允许攻击者发送经过身份验证的重新安装事件到应用程序。以下产品及版本受到影响：Atlassian Connect

N/A

N/A