Vulnerability notification 3: RemindMe for Jira

 

Summary

Authentication bypass vulnerability in RemindMe for Jira

Advisory Release Date

20 April 2022

Product

RemindMe for Jira

Affected Versions

All RemindMe for Jira versions up to 1.3.4

Fixed Version

1.3.5

Problem

We were notified by Atlassian about a security vulnerability in Jira and Jira Service Management Server and Data Center. The vulnerability also affected our RemindMe for Jira app by allowing any user to perform administrator actions.

The vulnerability has been rated P1 on the scale published in Bugcrowd’s Vulnerability Rating Taxonomy (VRT).

Solution

If you are using one of the affected versions of RemindMe for Jira (up to 1.3.4), please update to RemindMe for Jira 1.3.5.

Root Cause

The root cause of the vulnerability is explained in more detail in CVE-2022-0540.