Connect Express Atlassian Connect Express

Do you want an email whenever new security vulnerabilities are reported in Atlassian Connect Express?

By the Year

In 2024 there have been 0 vulnerabilities in Atlassian Connect Express . Connect Express did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 1 7.70
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Connect Express vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Atlassian Connect Express Security Vulnerabilities

Broken Authentication in Atlassian Connect Express (ACE)

CVE-2021-26073 7.7 - High - April 16, 2021

Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Express versions from 3.0.2 before 6.6.0 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.


Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Atlassian Connect Express or by Atlassian? Click the Watch button to subscribe.