Email This Issue Security Advisory September 28, 2020

About the vulnerability

A Critical vulnerability was discovered on September 17, 2020 by an security incident report submitted via our support portal. The vulnerability meant that with a specially formatted URL, illegal access to administration screens of Email This Issue for Jira Cloud was possible bypassing existing authorizations. If exploited, attacker could have gained access to configuration data and emails stored within the app’s .

The vulnerability has existed since the initial release of the Cloud App and affected all customers.

Our developers eliminated the threat within a few hours and immediately deployed the fix to all customers.

Was the vulnerability exploited?

Right after fixing the app, we reported the incident to Atlassian and asked for help to determine if the vulnerability has even been exploited. Security investigations executed by Atlassian Application Security experts acknowledged that the logs indicated that the vulnerability was not exploited after it had appeared in the app.

What do you need to do?

You do not need to do anything as the vulnerability has already been fixed right after we got aware of it. It is not possible to exploit it any longer.

What do we do to improve security in our apps?

We are committed to follow the security standards set by Atlassian for Marketplace Vendors.

• We executed thorough security tests related to Email This Issue for Jira Cloud and the underlying infrastructure. The tests were performed in Q1-Q2 of 2020.

• We are preparing to execute these tests regularly in the future

• We have started to get approved in the Atlassian Security Self Assessment Program

Got a question?