Atlassian Connect Express
By the Year
In 2023 there have been 0 vulnerabilities in Atlassian Connect Express . Connect Express did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 7.70 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Connect Express vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Atlassian Connect Express Security Vulnerabilities
Broken Authentication in Atlassian Connect Express (ACE)
CVE-2021-26073
7.7 - High
- April 16, 2021
Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Express versions from 3.0.2 before 6.6.0 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.
authentification
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Atlassian Connect Express or by Atlassian? Click the Watch button to subscribe.
