Vulnerability notification 2: RemindMe for Jira


Administration actions can be performed by any Confluence user

Advisory Release Date

21 January 2021 


RemindMe for Jira

Affected Versions

all RemindMe for Jira versions until 1.3.3

Fixed Version



We were able to identify security vulnerabilities in our RemindMe for Jira app.

The vulnerabilites allows any logged-in user to delete all filters and subscriptions and to (re-)send the reminders for a specific date.

The vulnerabilitiy to delete the filters and subscriptions has been rated as P4 (LOW) and the vulnerabilitiy to (re-)send the reminders has been rated as P3 (Medium) according to the scale published under the Bugcrowd’s Vulnerability Rating Taxonomy (VRT).

All versions of RemindMe for Jira until version 1.3.3 are affected by this vulnerabilities.


If you are using an affected version of RemindMe for Jira, please immediately upgrade to version 1.3.4.

Root Cause

Security tokens are missing.