Hi,
I came across one of the Scurity Issues/Vulnerability
This has been tested.
Just wanted to highlight here.
hi
This vulnerability was highlighted by Cloudesk
Thank you for bringing this up on the Trust & Security Community. Atlassian's security team is aware of this incident and we have followed security protocol to invalidate affected session tokens. Atlassian is conducting a comprehensive investigation, though our security team has not found evidence of a compromise within our systems or products. No customer action is required at this time. We will share another update once our investigation concludes.
Hi Dawn,
Is this available somewhere as an official message/advice?
Thanks,
Andrew
Hi Andrew. The statement above is reiterated on a handful of news articles, see the one below in the UPDATE section:
https://www.itworldcanada.com/article/atlassian-admins-warned-of-session-cookie-vulnerabilty/517864
Atlassian is working on further communications and I can add them to this thread once they are ready!
I saw that @Dan Hranj has recently posted this announcement in this community group: https://community.atlassian.com/t5/Trust-Security-articles/Atlassian-response-to-claims-regarding-session-tokens-cookies/ba-p/2217925.
In essence, Atlassians say:
Our security team did not find a vulnerability in Atlassian Cloud or On-Premise products or a breach of Atlassian systems related to the incident.
Yes, thank you @Kalin U ! You beat me to it! Thank you for putting it here!