[3.3.0] - 2021-11-24
As part of the audit of the mobile application, security researcher Johannes Dahse, from the Cure53 team, found that the Passbolt API v3.3 is prone to a key confusion attack. The JWT authentication is currently in beta, and the plugin is disabled by default. However, this issue affects users who have enabled the plugin to test the mobile apps; they should either disable it or update now.
Security fix
- PBL-06-008 Fix JWT key confusion leads to authentication bypass (High) (BETA)