CVE-2023-50932

Name of the Vulnerable Software and Affected Versions savignano S/Notify versions prior to 4.0.2 for Confluence

Description An issue was discovered that allows the configuration settings of S/Notify to be modified via a CSRF attack while an administrative user is logged on. This could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed, an attacker could exploit this to modify the configuration of the S/Notify app, potentially leading to email notifications being no longer encrypted when they should be.

Recommendations For versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the S/Notify configuration settings to minimize the risk of exploitation. Avoid using the S/Notify app until the issue is resolved.