Global Permission granted to users after app upgrade
Incident
Report for Atlassian Developer
Resolved
Starting from March 27th, Atlassian rolled out changes that affected the way Global Permissions provided by Connect Apps are assigned to user groups after app upgrade.
Specifically, after app upgrade, Global Permissions were added back to user groups, even after being manually removed by Jira admins.
Although we don't have evidence of unauthorized access, users being granted these permissions could have access to:
1. restricted data that Apps extracted from Jira and then stored locally
2. restricted data that other users created via the App directly
Timeline of events:
2023-03-27 8:01 UTC - potential impact start for all apps, caused by Atlassian-side changes
2023-06-01 17:56 UTC - impact end for all apps, permissions aren't mistakenly added to user groups after app upgrades
Please note that wrongly added permissions were not revoked and will need to be checked manually by the customer.
We are now marking this incident as resolved.
We apologize for any inconveniences this may have caused you, your team, and our mutual customers. We are committed to finding and preventing the root cause of the issue.
Specifically, after app upgrade, Global Permissions were added back to user groups, even after being manually removed by Jira admins.
Although we don't have evidence of unauthorized access, users being granted these permissions could have access to:
1. restricted data that Apps extracted from Jira and then stored locally
2. restricted data that other users created via the App directly
Timeline of events:
2023-03-27 8:01 UTC - potential impact start for all apps, caused by Atlassian-side changes
2023-06-01 17:56 UTC - impact end for all apps, permissions aren't mistakenly added to user groups after app upgrades
Please note that wrongly added permissions were not revoked and will need to be checked manually by the customer.
We are now marking this incident as resolved.
We apologize for any inconveniences this may have caused you, your team, and our mutual customers. We are committed to finding and preventing the root cause of the issue.
This incident affected: Developer (Create and manage apps).