CVE-2023-50931

Name of the Vulnerable Software and Affected Versions savignano S/Notify versions prior to 2.0.1 for Bitbucket

Description An issue was discovered that allows the configuration settings of S/Notify to be modified via a CSRF attack while an administrative user is logged on. This could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website, potentially leading to email notifications being no longer encrypted when they should be.

Recommendations For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the S/Notify configuration settings to minimize the risk of exploitation. Avoid using the S/Notify app on a host where an administrator is logged on to Bitbucket until the issue is resolved.