Connect Express
cpe:2.3:a:atlassian:connect_express:*:*:*:*:*:node.js:*:*
part: a version: * update: *
| Vendor | Atlassian (8acde0d4-2b83-5bd8-8d3f-60d59e0b022e) |
|---|---|
| Product | Connect Express (a53ab6ed-f1db-5b1b-b33f-4113d27115ac) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | node.js |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2021-26073 | vulnerable | 2026-06-03 14:44:06.162930 | Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Express versions from 3.0.2 before 6.6.0 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app. Published: 2021-04-16T03:00:19.147Z. Updated: 2025-02-12T20:46:54.554Z. | Imported from gcve-enriched-dumps CVE data |