Type: Security Advisory
Affects versions: None
Fix versions: None
This advisory discloses a security issue of critical severity affecting Backbone Issue Sync for Jira Cloud (including the applications Jira Core, Jira Software and Jira Service Desk), and provides a guide for your next steps.
If you have Backbone Issue Sync for Jira Cloud installed on your Jira instances, you may be affected by this issue. Using this vulnerability an attacker might have been able to access data on your Jira Cloud instance without your consent.
All versions of Backbone Issue Sync for Jira Cloud have already been updated to a fixed version, thus the vulnerability is closed for the future. You don’t have to install any updates yourself.
Nevertheless you must act now to ensure that your Jira Cloud instance has not been compromised through this vulnerability.
- If you have Backbone Issue Sync for Jira Cloud installed on a Jira cloud instance (e.g. Jira cloud instances like example.jira.com or example.atlassian.net), you might be affected.
- As a Jira Administrator open the global list of Backbone synchronizations in your Jira cloud instance by navigating to Jira Settings > Apps / Add-ons > Synchronizations in the Backbone Issue Sync section. Check if all synchronizations are correct and intentionally created by you.
- If you find a synchronization which has not been created by you or your team, please reach out to us at email@example.com. Please also check if any of your synchronization's connection details are not configured as they should have been. In the message to our support, please provide the synchronization name and the configured base url's. We'll then provide further steps how to continue.
In case you have any questions or want to get support in fixing the issue on your system please let us know at firstname.lastname@example.org.