7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.03 Low
EPSS
Percentile
89.4%
h2. Summary of Vulnerability
This critical severity DoS (Denial of Service) vulnerability known as CVE-2022-29885 was introduced in version 4.0.0 of Crowd Data Center and Crowd Server.
h2. Affected Versions
||Product||Affected Versions||
|Crowd Data Center
Crowd Server|- 4.0.0
h2. Fixed Versions
||Product||Fixed Versions||
|Crowd Data Center
Crowd Server|- 6.0.2 or later|
h2. What You Need to Do
Atlassian recommends that you upgrade your instance to one of the versions listed in the โFixed Versionsโ table section of this ticket. For full descriptions of the above versions of Crowd Data Center and Crowd Server, see the [release notes|https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html]. You can download the latest version of Bitbucket from the [download center|https://www.atlassian.com/software/crowd/download-archive].
h2. Mitigation:
There are no known workarounds. To remediate this vulnerability, update each affected product installation to a fixed version.
For additional details, please see full advisory here: https://confluence.atlassian.com/pages/viewpage.action?pageId=1252327929
h2. Acknowledgments
This vulnerability was discovered by Internal Scanner and reported via our Atlassian (Internal) program.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.03 Low
EPSS
Percentile
89.4%