10 matches found
EUVD-2021-12896
Malware in sbrugna...
Broken Authentication in Atlassian Connect Express
Broken Authentication in Atlassian Connect Express ACE from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or...
@nexus-switchboard/nexus-conn-jira (>=0.1.0 <=0.2.2), @nexus-switchboard/nexus-mod-service (>=0.4.1 <=0.6.3) +1 more potentially affected by CVE-2021-26073 via atlassian-connect-express (>=3.5.2 <=4.4.1)
atlassian-connect-express NPM version =3.5.2, =0.1.0, =0.4.1, =0.0.1, =2.0.5 Source cves: CVE-2021-26073 Source advisory: OSV:GHSA-4V96-M8XV-X83V...
CVE-2021-26073
Broken Authentication in Atlassian Connect Express ACE from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or...
CVE-2021-26073
Broken Authentication in Atlassian Connect Express ACE from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or...
Authentication flaw
Broken Authentication in Atlassian Connect Express ACE from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or...
CVE-2021-26073
Broken Authentication in Atlassian Connect Express ACE from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or...
CVE-2021-26073
CVE-2021-26073 affects Atlassian Connect Express (ACE) in Node.js. ACE versions 3.0.2 through 6.5.0 (before 6.6.0) erroneously accept context JWTs on lifecycle endpoints (e.g., installation) where only server-to-server JWTs should be accepted, enabling an attacker to send authenticated re-install...
CVE-2021-26073
Broken Authentication in Atlassian Connect Express ACE from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or...
Bitbucket atlassian-connect-express 授权问题漏洞
Bitbucket atlassian-connect-express is a Bitbucket open source application. Toolkit for creating Atlassian Connect based applications using Node.js. A security vulnerability exists in Bitbucket atlassian-connect-express versions 3.0.2 through 6.6.0, which can be exploited by an attacker to send a...