Bug Bounty
Hello,
We are writing to inform you of a security vulnerability that was recently identified in the Customer Satisfaction Survey for Jira. The vulnerability affects cloud version only. We have identified a security vulnerability due to a library bundled in our app. We are addressing this issue right now. The pediod vulnerability was present 2021/04/26.
This vulnerability has been rated as P1 - Critical, according to the scale published on the Common Vulnerability Scoring System (CVSS).
The vulnerability was identified / brought to our notice by Bug Bounty on 26/06/2021. Once we became aware of the issue, we identified that the vulnerability was caused by an older library (Springboot) sourced by Atlassian. Based on what we found, remediation actions to upgrade Springboot to ensure that this vulnerability is now fixed.
We are working with Atlassian to update the Atlassian Marketplace with an updated listing of our app that is free from this vulnerability. No further action is required from you at this point.
We want you to know that we take this issue very seriously. We are conducting a thorough review of our internal processes to ensure this does not occur again for you and our other customers.
If you have any questions, please feel free to raise a support request at support.atlassian.com referencing AMS-11052.
Sincerely,
Joseph Huynh
Candylio Softwares