PT-2023-8642 · Atlassian · Jira

Published

2023-11-28

·

Updated

2025-05-14

·

CVE-2023-50930

CVSS v2.0

9.7

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:P
Name of the Vulnerable Software and Affected Versions

S/Notify versions prior to 4.0.2 for Jira
Description

An issue was discovered in S/Notify versions prior to 4.0.2 for Jira that allows the plugin's configuration settings to be modified via a cross-site request forgery (CSRF) attack while an administrative user is logged on to Jira. The attack can be triggered by the administrator clicking a malicious link in an email or visiting a malicious website: the browser attaches the administrator's existing Jira session to the forged request, so the settings change is accepted as if the administrator had submitted it. This can result in email notifications no longer being encrypted when they should be.
Recommendations

For versions prior to 4.0.2, update to version 4.0.2 or later, which resolves the issue. As a temporary workaround, restrict access to the S/Notify configuration settings to as few administrators as possible; note that this only narrows the set of accounts an attacker can target and does not block the attack itself, because the forged request runs in the browser of an administrator who still has access. Administrative users should also avoid clicking suspicious links or visiting untrusted websites while logged on to Jira.
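The following is an added example, not code from S/Notify, Atlassian or this advisory, modelling the failure mode in the Description and the fix the Recommendations point to. It contrasts a settings-update handler that accepts any request carrying a valid session cookie with a hardened one that additionally checks the `Origin` header and a per-session synchronizer token. The endpoint path, the `encrypt_notifications` setting, the token scheme and the session values are illustrative assumptions and do not describe the real plugin.

```python
"""CSRF on a plugin settings endpoint: vulnerable vs. hardened handler.

Added example (not the project's code). The endpoint, setting name, session
cookie and attacker origin below are constructed for illustration only.
"""
import hmac
import secrets
from dataclasses import dataclass, field

ADMIN_SESSION = "sess-admin-123"                  # constructed session cookie value
SITE_ORIGIN = "https://jira.example.internal"      # hypothetical Jira origin
ATTACKER_ORIGIN = "https://attacker.example"       # hypothetical malicious site
CONFIG_PATH = "/plugins/servlet/example-config"    # hypothetical settings endpoint


@dataclass
class Request:
    method: str
    path: str
    cookies: dict
    headers: dict
    form: dict


@dataclass
class Server:
    # Default setting: notifications are encrypted (constructed for the example).
    settings: dict = field(default_factory=lambda: {"encrypt_notifications": True})
    sessions: dict = field(default_factory=dict)   # session id -> CSRF token

    def login(self, session_id):
        """Create a session and bind a random synchronizer token to it."""
        self.sessions[session_id] = secrets.token_hex(16)
        return self.sessions[session_id]

    def vulnerable_update(self, req):
        """Accepts the change because a logged-in session cookie is present.
        A cross-site auto-submitted form carries that cookie, so it passes."""
        if req.cookies.get("session") not in self.sessions:
            return 401
        self.settings["encrypt_notifications"] = req.form["encrypt_notifications"] == "true"
        return 200

    def hardened_update(self, req):
        """Rejects forged requests with two independent checks."""
        sid = req.cookies.get("session")
        if sid not in self.sessions:
            return 401
        # 1. Browsers send Origin on cross-site POSTs; reject if it is present
        #    and is not our own origin.
        origin = req.headers.get("Origin")
        if origin is not None and origin != SITE_ORIGIN:
            return 403
        # 2. Synchronizer token: an attacker page cannot read the token bound to
        #    the victim's session, so a forged form cannot supply it.
        token = req.form.get("csrf_token", "")
        if not hmac.compare_digest(token, self.sessions[sid]):
            return 403
        self.settings["encrypt_notifications"] = req.form["encrypt_notifications"] == "true"
        return 200


def cross_site_request():
    """Form auto-submitted from the attacker's page; the browser adds the cookie."""
    return Request("POST", CONFIG_PATH, {"session": ADMIN_SESSION},
                   {"Origin": ATTACKER_ORIGIN}, {"encrypt_notifications": "false"})


def same_site_request(token):
    """Legitimate change made by the administrator from the real settings page."""
    return Request("POST", CONFIG_PATH, {"session": ADMIN_SESSION},
                   {"Origin": SITE_ORIGIN},
                   {"encrypt_notifications": "false", "csrf_token": token})


def demo():
    """Run both handlers against a forged request; return the observed outcomes."""
    results = {}
    srv = Server()
    srv.login(ADMIN_SESSION)
    results["vulnerable_status"] = srv.vulnerable_update(cross_site_request())
    results["vulnerable_encrypt"] = srv.settings["encrypt_notifications"]

    srv = Server()
    token = srv.login(ADMIN_SESSION)
    results["hardened_csrf_status"] = srv.hardened_update(cross_site_request())
    results["hardened_csrf_encrypt"] = srv.settings["encrypt_notifications"]
    results["hardened_legit_status"] = srv.hardened_update(same_site_request(token))
    results["hardened_legit_encrypt"] = srv.settings["encrypt_notifications"]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The vulnerable handler silently flips encryption off for the forged request, while the hardened one returns 403 and leaves the setting untouched but still accepts the administrator's own submission that carries the token. Marking the session cookie `SameSite=Lax` or `Strict` adds a further browser-side barrier against auto-submitted cross-site POSTs, but it should complement, not replace, the server-side token check.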

Fix

CSRF

Weakness Enumeration

Related Identifiers

BDU:2024-01333
CVE-2023-50930

Affected Products

Jira