v3.3.1
·
2221 commits
to master
since this release
d919298
This commit was signed with the committer’s verified signature.
Tecnobutrul
Daniel Del Rio
[3.3.0] - 2021-11-24
As part of the audit of the mobile application, security researcher Johannes Dahse, from Cure53 team, found that the Passbolt API v3.3 is prone to a key confusion attack. The JWT Authentication is currently in beta, and the plugin is disabled by default. This issue however affects users that have enabled the plugin to test the Mobile apps they should either disable it or update now.
Security fix
- PBL-06-008 Fix JWT key confusion leads to authentication bypass (High) (BETA)