漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Jira, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Vulnerability Type
N/A
Vulnerability Title
savignano S/Notify 安全漏洞
Vulnerability Description
savignano S/Notify是savignano公司的适用于 Jira、Confluence 和 Bitbucket 的最通用的电子邮件加密解决方案。 savignano S/Notify 4.0.2之前版本存在安全漏洞,该漏洞源于可以通过跨站请求伪造(CSRF)攻击修改配置设置,可能导致电子邮件通知在应加密时不再加密。
CVSS Information
N/A
Vulnerability Type
N/A