Vulnerability notification 3: RemindMe for Jira



Authentication bypass vulnerability in RemindMe for Jira

Advisory Release Date

20 April 2022


RemindMe for Jira

Affected Versions

all RemindMe for Jira versions until 1.3.4

Fixed Version



We were notified by Atlassian about a security vulnerability in Jira and Jira Service Management Server and Data Center. The vulnerability also affected our RemindMe for Jira app by allowing any user to perform administrator actions.

The vulnerability has been rated as P1 according to the scale published under the Bugcrowd’s Vulnerability Rating Taxonomy (VRT).


If you are using RemindMe for Jira in one of the affected versions until 1.3.4 please update to RemindMe for Jira 1.3.5.

Root Cause

Root cause of the vulnerability is explained in more details in CVE-2022-0540.