This advisory discloses a security vulnerability found and fixed in Comala Document Approval. We recommend upgrading Comala Document Approval to the latest supported version.
Affected Versions
The vulnerability affects all the Comala Document Approval versions up to 1.10.11
The 1.10.12 release contains a fix for the issues mentioned below.
Vulnerabilities
Severity
Comalatech rates the severity of these issues as High according to the published Atlassian Security Levels. We have ranked the vulnerability as high because:
Registered and anonymous users can perform unauthorized actions that will result in significant data loss.
This is an independent assessment and you should evaluate its applicability to your own IT environment.
Description
We have fixed vulnerabilities that allowed users to do unauthorized actions.
Risk Mitigation
We recommend all users to upgrade to Comala Document Approval to 1.10.12