Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Recent Security Advisory Regarding Jira Service Management

David Yu
David Yu October 21, 2021

I don't see this in the mitigation, but removing disabling Insight is also a valid strategy, right?

Answer
Watch
Like serkan_sezer likes this
306 views

1 answer

1 accepted

4 votes
Answer accepted
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 21, 2021

Hi @David Yu ,

I've moved your question into its own topic to reduce confusion for folks looking at other questions.

Removing the plugin entirely is a strategy that would mitigate the vulnerability, only if you are on a version of Jira Service Management prior to 4.15.0 when the app became bundled with JSM. Do note we are talking about using the Uninstall action in the plugin manager rather than the Disable action. However, versions of Jira Service Management in which you can uninstall Insight also can be mitigated by upgrading to version 8.9.3 of the Insight app.

Can you confirm which version of Jira Service Management you are running?

Thanks,
Daniel Eads | Atlassian Support

View More Comments
serkan_sezer
serkan_sezer April 29, 2022

Hi, we are using version 8.20.1. We do not even have a mobile add-on among our add-ons, in this case, do we need to take any precautions? There is quite a bit of confusion when I read the other titles.

thank you

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
TAGS
AUG Leaders

Atlassian Community Events

    See all events