2024 06 25 - P2 Security issue
A security vulnerability was recently identified in Elements Connect and fixed on June 26th 2024. Here are the details about the issue, its impact and the analysis and actions taken.
Nature of the issue
The vulnerability was present since the version of Elements Connect for Jira Cloud published on (Forge remote feature).
The vulnerability meant when configuring a field to fetch data from a REST API endpoint, all data returned by the API, including potentially unwanted information, was visible in the browser's network tab.
This vulnerability has been rated as high, according to the scale published on the Common Vulnerability Scoring System (CVSS).
The vulnerability was detected by our technical team on
Impact
Some users without the appropriate rights could access the API data through the browser network tab.
Analysis and actions taken
Once we detected the issue, a plan was then elaborated by the IT team to analyse the situation, bring a fix for the issue and deploy it as quickly as possible.
We fixed this data exposure on .
Deployment of the fixed version was conducted by following the usual CI procedure.
On top of the automatic tests, we made another series of tests to ensure that the problem was fixed in production.
Conclusion
We want you to know that we take this issue very seriously. We are conducting a thorough review of our internal processes to ensure this does not occur again for our customers.
If you have any questions, please feel free to raise a support request at support.elements-apps.com referencing "ECC-3325".