Key Summary T Deployment Due Fix Version/s Status Resolution
BAC-1525 An unauthenticated user can download a previously generated support zip Security Advisory Server 5.0.3 Released to Server Fixed
BAC-1524 CSRF/XSRF enables users to start or stop a synchronization Security Advisory Server 5.0.3 Released to Server Fixed
BAC-1523 Reflected XSS vulnerability in the global Backbone administration overview Security Advisory Server 5.0.3 Released to Server Fixed
BAC-1506 Project admins can perform Backbone actions also for other projects Security Advisory Cloud 3.0.62-AC Released to Cloud Fixed
BAC-1502 A project admin is able to fetch other projects information Security Advisory Cloud 3.0.61-AC Released to Cloud Fixed
BAC-1490 A project admin can view basic project information of all projects on the instance Security Advisory Cloud 14/Apr/21 3.0.60-AC Released to Cloud Fixed
BAC-1489 A user is able to generate non-deletable synchronizations for other clients Security Advisory Cloud 14/Apr/21 3.0.60-AC Released to Cloud Fixed
BAC-1448 Users with view only permissions to a Synced project can perform project admin actions in Backbone Security Advisory Cloud 3.0.49-AC Released to Cloud Fixed
BAC-1447 JWT written in "Disable Sync Panel" link Security Advisory Cloud 3.0.49-AC Released to Cloud Fixed
BAC-1443 SSRF vulnerability at New Synchronization screen Security Advisory Cloud, Server 28/Sep/20 3.0.49-AC, 4.2.4 Released Fixed
BAC-1437 XSS vulnerability in the resync dialog Security Advisory Cloud, Server 11/Sep/20 4.2.2, 3.0.48-AC Released Fixed
BAC-1425 Backbone data is still accessible after Jira user permissions changed Security Advisory Cloud 13/Aug/20 3.0.47-AC Released to Cloud Fixed
BAC-1381 IDOR vulnerability in Backbone Issue Sync Security Advisory Cloud, Server 18/Dec/19 4.1.1, 3.0.41-AC Released Fixed
BAC-1380 Sensitive Data Exposure in Backbone Issue Sync admin interface Security Advisory Cloud 18/Dec/19 3.0.41-AC Released to Cloud Fixed
BAC-1351 Token Leakage In Backbone Issue Sync (2019-10-02) Security Advisory Cloud 02/Oct/19 3.0.34-AC Released to Cloud Fixed
BAC-1350 XSS vulnerability in Backbone Issue Sync admin interface (2019-10-02) Security Advisory Cloud, Server 02/Oct/19 4.1.0, 3.0.34-AC Released Fixed
BAC-1349 XSS vulnerability in Backbone's issue sync panel (2019-10-02) Security Advisory Cloud 02/Oct/19 3.0.34-AC Released to Cloud Fixed
BAC-1338 XSS vulnerability in Backbone Issue Sync (2019-09-02) Security Advisory Cloud 02/Sep/19 3.0.33-AC Released to Cloud Fixed
BAC-1330 XML vulnerability in Backbone Issue Sync (2019-08-16) Security Advisory Cloud 16/Aug/19 3.0.30-AC Released to Cloud Fixed
BAC-1309 Remote code execution vulnerability in Backbone Issue Sync (2019-06-24) Security Advisory Cloud, Server 24/Jun/19 3.9.3, 4.0.1, 3.0.28-AC Released Fixed
BAC-1304 Backbone Issue Sync For Jira Cloud - Security Advisory 2019-06-06 Security Advisory Cloud 06/Jun/19 3.0.27-AC Released to Cloud Fixed
BAC-1231 Backbone Issue Sync For Jira Cloud - Critical Severity Security Advisory (2019-01-11) Security Advisory Cloud 11/Jan/19 Released to Cloud Fixed
22 issues