Administration actions can be performed by any Confluence user
Advisory Release Date
21 January 2021
RemindMe for Jira
all RemindMe for Jira versions until 1.3.3
We were able to identify security vulnerabilities in our RemindMe for Jira app.
The vulnerabilites allows any logged-in user to delete all filters and subscriptions and to (re-)send the reminders for a specific date.
The vulnerabilitiy to delete the filters and subscriptions has been rated as P4 (LOW) and the vulnerabilitiy to (re-)send the reminders has been rated as P3 (Medium) according to the scale published under the Bugcrowd’s Vulnerability Rating Taxonomy (VRT).
All versions of RemindMe for Jira until version 1.3.3 are affected by this vulnerabilities.
If you are using an affected version of RemindMe for Jira, please immediately upgrade to version 1.3.4.