Overview
This advisory discloses security vulnerabilities found and fixed in Comala Workflows.
We recommend upgradingĀ Comala Workflows to the latest supported version.
Affected Versions
The vulnerability affects Comala Workflows 4.8 through to 4.13.3.
The 4.13.4 release contains a fix for the issue mentioned below.
XSS Vulnerabilities
Severity
Comalatech rates the severity of these issues as Medium according to the published Atlassian Security Levels.
This is an independent assessment and you should evaluate its applicability to your own IT environment.
Description
We have fixed a reflected cross site scripting vulnerability in Comala Workflows.
Risk Mitigation
We recommend you upgrade Comala Workflows to 4.13.4 or later.
Acknowledgements
Comalatech would like to thank the KPMG Security Team for reporting this vulnerability.