This site has moved to the integrated Appfire documentation and information site for our apps.

From February 2024 this site is no longer updated.

Take a look here! If you have any questions please email support@appfire.com

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

This advisory discloses security vulnerabilities found and fixed in Comala Workflows.  We recommend upgrading Comala Workflows to the latest supported version.

Affected Versions

The vulnerability affects Comala Workflows 5.0.0 → 5.1.0.

The 5.1.1 release contains a fix for the issue mentioned below.

Versions prior to 5.0.0 are not affected.

XSS Vulnerabilities

Severity

Comalatech rates the severity of these issues as Medium according to the published Atlassian Security Levels.

This is an independent assessment and you should evaluate its applicability to your own IT environment.

Description

We have fixed some persistent cross site scripting vulnerabilities in Comala Workflows.

Risk Mitigation

Sites running Comala Workflows 5.0.0-5.1.0 are recommend to upgrade to Comala Workflows to 5.1.1.

If upgrading immediately is not possible, you can limit the number of users that have the ability to exploit the vulnerabilities by restricting who can create/edit workflows to trusted users.


  • No labels