Hi all,
While adopting Rovo, has any of your Cybersec teams conducted Penetration testing? Have they identified any issues like Prompt Injection or Sensitive Information Disclosure?
We have seen these identified in one of our very secure Cloud Enterprise org and I'd like to find what solution was applied to overcome this. Any help appreciated.
Atlassian has its own place for reporting the vulnerabilities upon the penetration testing. You would need to report this vulnerability, they need to verify it and upon that, they would apply a fix.
You can report that in here: https://www.atlassian.com/trust/security/report-a-vulnerability
They also have a bug bounty program that is hosted by Bugcrowd where the report could also be reported.
OffensiveSecurity has a good article on this: https://www.offsec.com/blog/how-to-prevent-prompt-injection/
Thank you @Nikola Perisic This has been reported to Atlassian and they are involved with the Security team in understanding further details. We have investigated the permissions and the system is quite restricted in itself. So must be something else causing in the underlying LLM layer.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.