U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2023-50930

Change History

New CVE Received by NIST 1/09/2024 2:15:07 AM

Action Type Old Value New Value
Added CVSS V3.1

								
							
							
						
MITRE AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Added Description

								
							
							
						
An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Jira, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be.
Added Reference

								
							
							
						
MITRE https://help.savignano.net/snotify-email-encryption/sa-2023-11-28 [No types assigned]