This issue has been fixed in Jira 7.0.6 and later. Additionally, the LDAP Authenticated Users permission gives full control over the LDAP server to authenticated users. This might allow an authenticated user to add/edit/delete other users. This issue has been fixed in Jira 7.0.6 and later. The LDAP Authenticated Users permission gives full control over the LDAP server to authenticated users. This might allow an authenticated user to add/edit/delete other users.
Additionally, there are several reported issues with the Atlassian Add-on SDK 2.0.6 and later. If you are using the Atlassian Add-on SDK 2.0.6 or later, make sure to upgrade as soon as possible to a newer version. An updated version of the Atlassian Add-on SDK is being released to address these issues. Stay tuned for more information on this release.
Atlassian Add-on SDK 2.0 and later
This issue has been fixed in Jira 7.0.6 and later. Additionally, there are several reported issues with the Atlassian Add-on SDK 2.0.6 and later. If you are using the Atlassian Add-on SDK 2.0.6 or later, make sure to upgrade as soon as possible to a newer version. An updated version of the Atlassian Add-on SDK is being released to address these issues. Stay tuned for more information on this release
Atlassian Add-on SDK 2.0.6
This issue has been fixed in Jira 7.0.6 and later. Additionally, the LDAP Authenticated Users permission gives full control over the LDAP server to authenticated users. This might allow an authenticated user to add/edit/delete other users. This issue has been fixed in Jira 7.0.6 and later. The LDAP Authenticated Users permission gives full control over the LDAP server to authenticated users. This might allow an authenticated user to add/edit/delete other users.
Additionally, there are several reported issues with the Atlassian Add-on SDK 2.0.6 and later. If you are using the Atlassian Add-on SDK 2.0.6 or later, make sure to upgrade as soon as possible to a newer version of the Atlassian Add-on SDK when it's released (stay tuned for more information on this release).
Limitations and Disclaimer
This issue has been fixed in Jira 7.0.6 and later. Additionally, the LDAP Authenticated Users permission gives full control over the LDAP server to authenticated users. This might allow an authenticated user to add/edit/delete other users. This issue has been fixed in Jira 7.0.6 and later. The LDAP Authenticated Users permission gives full control over the LDAP server to authenticated users. This might allow an authenticated user to add/edit/delete other users.
This is a bug that was reported with the Atlassian Add-on SDK 2.0.6 and later versions of this SDK are now available that addresses this issue, please check for updates or upgrade your current installation as soon as possible so you can take advantage of these fixes and improvements
Atlassian Add-on SDK 2.0.6 and Later
The Atlassian Add-on SDK 2.0.6 and later has a reported issue where sensitive data from the Web Console is not encrypted when sent to the Browser Extension. Someone with access to your Web Console might be able to see this information. To address this, the Atlassian Add-on SDK 2.0.7 and later will automatically encrypt sensitive data before it is sent to the Browser Extension and will use HTTPS instead of HTTP to send the sensitive data.
Additionally, if you are using an older version of the Atlassian Add-on SDK 2.0, make sure to upgrade as soon as possible to a newer version because you will not be able to take advantage of these security improvements in that older version.
Atlassian Add-on SDK 2.0.6 and later
There have been several reported issues with the Atlassian Add-on SDK 2.0.6 and later. If you are using the Atlassian Add-on SDK 2.0.6 or later, make sure to upgrade as soon as possible to a newer version. An updated version of the Atlassian Add-on SDK is being released to address these issues. Stay tuned for more information on this release.
You can view the full list of known issues in Jira 7 here: https://jira.atlassian.com/projects/JRA/issues
One issue that was fixed was CVE-2022-38367 which has been fixed in Jira 7.0.6 and later.
Timeline
Published on: 09/05/2022 18:15:00 UTC
Last modified on: 09/08/2022 14:51:00 UTC