This site has moved to the integrated Appfire documentation and information site for our apps.

From February 2024 this site is no longer updated.

Take a look here! If you have any questions please email support@appfire.com

Comala Boards Security Advisory 2022-10-18

This advisory discloses a security vulnerability found and fixed in Comala Boards.  We recommend upgrading Comala Boards to the latest supported version.

Affected Versions

The vulnerability affects all Comala Boards versions

The v2.3.11 release contains a fix for the issue mentioned below.

XSS Vulnerabilities

Severity

Comalatech rates the severity of these issues as Medium according to the published Atlassian Security Levels. We have ranked the vulnerability as medium because: 

  • A registered user with edit permissions over pages or blog posts in the application could do the following: 

    • Session riding

    • Stealing information and cookies

    • Creating a phishing page within the domain

This is an independent assessment and you should evaluate its applicability to your own IT environment.

Description

We have fixed a cross-site scripting vulnerability. The vulnerability could allow a user with page-level permissions to use another user's session.

Risk Mitigation

Recommend upgrading Comala Boards to v2.3.11

If you are not able to upgrade immediately, please disable the application until you can upgrade it.