Uploaded image for project: 'Backbone Issue Sync'
  1. BAC-1231

Backbone Issue Sync For Jira Cloud - Critical Severity Security Advisory

    Details

    • Type: Security Advisory
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Sprint:
    • Deployment:
      Cloud

      Description

      This advisory discloses a security issue of critical severity affecting Backbone Issue Sync for Jira Cloud (including the applications Jira Core, Jira Software and Jira Service Desk), and provides a guide for your next steps.

      If you have Backbone Issue Sync for Jira Cloud installed on your Jira instances, you may be affected by this issue. Using this vulnerability an attacker might have been able to access data on your Jira Cloud instance without your consent.

      All versions of Backbone Issue Sync for Jira Cloud have already been updated to a fixed version, thus the vulnerability is closed for the future. You don’t have to install any updates yourself.

      Nevertheless you must act now to ensure that your Jira Cloud instance has not been compromised through this vulnerability.

      What are your next steps?

      1. If you have Backbone Issue Sync for Jira Cloud installed on a Jira cloud instance (e.g. Jira cloud instances like example.jira.com or example.atlassian.net), you might be affected. 
      2. As a Jira Administrator open the global list of Backbone synchronizations in your Jira cloud instance by navigating to Jira Settings > Apps / Add-ons > Synchronizations in the Backbone Issue Sync section. Check if all synchronizations are correct and intentionally created by you. 
      3. If you find a synchronization which has not been created by you or your team, please reach out to us at support@k15t.com. Please also check if any of your synchronization's connection details are not configured as they should have been. In the message to our support, please provide the synchronization name and the configured base url's. We'll then provide further steps how to continue.

       

      In case you have any questions or want to get support in fixing the issue on your system please let us know at support@k15t.com.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              shesse Sebastian Hesse (K15t)
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Backbone Issue Sync

                  Inspector Sketch