Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
atlassianSecurity-metrics-botATLASSIAN:CWD-5072
HistoryMar 08, 2018 - 9:26 a.m.

The console login did not rotate the session id during login - CVE-2017-18105

2018-03-0809:26:17
security-metrics-bot
jira.atlassian.com
26

EPSS

0.005

Percentile

75.3%

JSON

The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user’s JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.

Related

prion 1
atlassian 1
cvelist 1
nvd 1
cve 1
prion
prion
Session fixation
2019-03-29 14:29:00
atlassian
atlassian
The console login did not rotate the session id during login - CVE-2017-18105
2018-03-08 09:26:17
cvelist
cvelist
CVE-2017-18105
2019-03-29 14:04:53
nvd
nvd
CVE-2017-18105
2019-03-29 14:29:00
cve
cve
CVE-2017-18105
2019-03-29 14:29:00

EPSS

0.005

Percentile

75.3%

JSON
Related for ATLASSIAN:CWD-5072
prion1atlassian1cvelist1nvd1cve1