![[The AI Show Episode 144]: ChatGPT’s New Memory, Shopify CEO’s Leaked “AI First” Memo, Google Cloud Next Releases, o3 and o4-mini Coming Soon & Llama 4’s Rocky Launch](https://www.marketingaiinstitute.com/hubfs/ep%20144%20cover.png)
![[DEALS] The All-in-One Microsoft Office Pro 2019 for Windows: Lifetime License + Windows 11 Pro Bundle (89% off) & Other Deals Up To 98% Off](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
_Andreas_Prott_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![What features do you get with Gemini Advanced? [April 2025]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2024/02/gemini-advanced-cover.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Apple Shares Official Trailer for 'Long Way Home' Starring Ewan McGregor and Charley Boorman [Video]](https://www.iclarified.com/images/news/97069/97069/97069-640.jpg)
![Apple Watch Series 10 Back On Sale for $299! [Lowest Price Ever]](https://www.iclarified.com/images/news/96657/96657/96657-640.jpg)
![EU Postpones Apple App Store Fines Amid Tariff Negotiations [Report]](https://www.iclarified.com/images/news/97068/97068/97068-640.jpg)
The Atlassian OAuth Disaster Nobody’s Talking About
TL;DR: Atlassian 3LO tokens aren’t bound to the specific resource the user consents to. They can expose access to multiple Jira instances — even ones the user never approved — and there’s no way to tell the difference. https://medium.com/@ringr8870/the-atlassian-oauth-disaster-nobodys-talking-about-559eb4dc5767
TL;DR: Atlassian 3LO tokens aren’t bound to the specific resource the user consents to. They can expose access to multiple Jira instances — even ones the user never approved — and there’s no way to tell the difference.
https://medium.com/@ringr8870/the-atlassian-oauth-disaster-nobodys-talking-about-559eb4dc5767
