Lucene search
AtlassianCVELIST:CVE-2018-20238HistoryFeb 13, 2019 - 6:00 p.m.
CVE-2018-20238
2019-02-1318:00:00
atlassian
www.cve.org
8
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.
CNA Affected
[
{
"product": "Crowd",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "3.2.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
},
{
"lessThan": "3.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
atlassian
atlassian
Insufficient Session Expiration of user sessions - CVE-2018-20238
2019-02-13 00:37:34
Insufficient Session Expiration of user sessions - CVE-2018-20238
2019-02-13 00:37:34
prion
prion
Session fixation
2019-02-13 18:29:00
cve
cve
CVE-2018-20238
2019-02-13 18:29:00
nvd
nvd
CVE-2018-20238
2019-02-13 18:29:00