This advisory discloses a security vulnerability found and fixed in Comala Document Control. We recommend upgrading Comala Document Control to the latest supported version.

Affected Versions

The vulnerability affects Comala Document Control 1.9.0 → 1.9.9

The 1.9.10 release contains a fix for the issue mentioned below.

Versions prior to 1.9.0 are not affected.

SQL Injection Vulnerability

Severity

Comalatech rates the severity of these issues as High according to the published Atlassian Security Levels.

This is an independent assessment and you should evaluate its applicability to your own IT environment.

Description

We have fixed a SQL Injection vulnerability in Comala Document Control.

Risk Mitigation

Sites running Comala Document Control 1.9.0 → 1.9.9 are recommend to upgrade to Comala Document Control 1.9.10

If upgrading immediately is not possible, you can limit the number of users that have the ability to exploit the vulnerabilities by restricting Confluence Administrator privileges to trusted users.