Does CVE-2022-23529 (JWT) affect Atlassian products?

Jörg Werner
I'm New Here
January 11, 2023

3 answers

1 accepted

3 votes
Answer accepted
David at David Simpson Apps
Atlassian Partner
January 11, 2023

Look for a formal announcement from Atlassian; however, my findings are as follows:

This CVE is for jsonwebtoken <= 8.5.1.

  • Atlassian have written their own library for JWT (atlassian-jwt) which does not depend on jsonwebtoken, so likely this is what they use internally in their own apps*
  • Apps built on the Atlassian Connect Express (ACE) framework use atlassian-jwt and therefore should not be affected
  • Running npm list -a on an ACE-based app's source code shows no dependency on jsonwebtoken

* I say "likely" here as I have no real way of knowing what they do internally, so again, look for a formal announcement from Atlassian.
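
The dependency check described in the answer above, as an added example that is not part of the original post and is not Atlassian's code: it scans a parsed package-lock.json for direct or transitive copies of jsonwebtoken at or below 8.5.1. The function names and both sample lockfiles are constructed for illustration.

```javascript
// Added example (not from the original post): scan a parsed package-lock.json
// for jsonwebtoken copies at or below the version the answer cites (<= 8.5.1).
const AFFECTED_MAX = [8, 5, 1];

// True when "x.y.z" <= 8.5.1; pre-release/build suffixes are ignored.
function isAffected(version) {
  const parts = String(version).split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const diff = (parts[i] || 0) - AFFECTED_MAX[i];
    if (diff !== 0) return diff < 0;
  }
  return true;
}

// Returns [{ path, version, affected }] for every jsonwebtoken entry,
// including transitive copies nested under other packages.
function findJsonwebtoken(lock) {
  const hits = [];
  const record = (path, meta) =>
    hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/jsonwebtoken')) record(path, meta);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${trail}node_modules/${name}`;
        if (name === 'jsonwebtoken') record(path, meta);
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfiles (package versions are illustrative only).
const aceStyleLock = { lockfileVersion: 3, packages: {
  '': { name: 'sample-ace-app' },
  'node_modules/atlassian-connect-express': { version: '0.0.0-sample' },
  'node_modules/atlassian-jwt': { version: '0.0.0-sample' } } };
const otherLock = { lockfileVersion: 1, dependencies: {
  'some-auth-helper': { version: '1.0.0',
    dependencies: { jsonwebtoken: { version: '8.5.1' } } },
  jsonwebtoken: { version: '9.0.0' } } };
console.log(findJsonwebtoken(aceStyleLock), findJsonwebtoken(otherLock));
```

An empty result means the lockfile pins no copy of jsonwebtoken at all; an entry with `affected: true` names the install path of the copy to upgrade.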

2 votes
Ste Wright
Community Champion
January 11, 2023
0 votes
Alex Koxaras _Relational_
Community Champion
January 11, 2023

Hi @Jörg Werner 

Currently we have no formal announcement from Atlassian. I would indeed take a look at the links provided by Stephen and keep a look out at the community as well.
