Atlassian Crowd pdkinstall arbitrary plugin installation

2020-12-22T00:00:00
ID SAINT:D25E7B1EADCBDB3AEA5E303651C7CC2C
Type saint
Reporter SAINT Corporation
Modified 2020-12-22T00:00:00

Description

Added: 12/22/2020

Background

Atlassian Crowd is an identity management and single sign-on (SSO) server for Atlassian products; Crowd Data Center is its clustered deployment.

Problem

Release builds of Atlassian Crowd and Crowd Data Center shipped with the pdkinstall development plugin enabled. That plugin exposes a plugin-upload endpoint that does not require authentication, so an attacker who can reach the Crowd web interface can install an arbitrary plugin (for example a JAR that registers a servlet) and execute code inside the Crowd JVM on the server. The issue is tracked as CVE-2019-11580.

Resolution

Upgrade to Atlassian Crowd 3.0.5 (3.0.x), 3.1.6 (3.1.x), 3.2.8 (3.2.x), 3.3.5 (3.3.x), 3.4.4 (3.4.x) or a later release.
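The following version check is an added example; it is not part of SAINT's exploit module or of any Atlassian tooling. It encodes the fixed releases listed above and reports, for a Crowd version string taken from an asset inventory or a banner, whether that install still needs the upgrade. The version strings used as input, and the handling of trailing qualifiers such as "-RC1", are assumptions.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases from the advisory's Resolution section, keyed by the
# major.minor branch each one belongs to.
FIXED_VERSIONS = {
    (3, 0): (3, 0, 5),
    (3, 1): (3, 1, 6),
    (3, 2): (3, 2, 8),
    (3, 3): (3, 3, 5),
    (3, 4): (3, 4, 4),
}

# Newest fixed branch; anything newer is assumed to ship with the fix.
NEWEST_FIXED_BRANCH = max(FIXED_VERSIONS)

# Oldest fixed branch; the advisory names no lower bound, so any older
# install is treated as needing the upgrade to this branch's fixed release.
OLDEST_FIXED_BRANCH = min(FIXED_VERSIONS)

# Accepts "3.2.7", "3.2", or "3.4.4-RC1" (assumed qualifier format; ignored).
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """Parse 'major.minor[.patch]' into a comparable tuple, ignoring qualifiers."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised Crowd version string: {text!r}")
    major, minor, patch = match.group(1), match.group(2), match.group(3) or "0"
    return int(major), int(minor), int(patch)


def fix_target(version: str) -> Optional[Version]:
    """Return the release this install must be upgraded to, or None if it is already fixed."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_VERSIONS:
        fixed = FIXED_VERSIONS[branch]
        return fixed if (major, minor, patch) < fixed else None
    if branch < OLDEST_FIXED_BRANCH:
        # Pre-3.0 install: the advisory's instruction is to move to 3.0.5 or higher.
        return FIXED_VERSIONS[OLDEST_FIXED_BRANCH]
    # Branch newer than 3.4: released after the fix.
    return None


def is_affected(version: str) -> bool:
    """True when the advisory says this version must be upgraded."""
    return fix_target(version) is not None


def describe(version: str) -> str:
    """Human-readable verdict for a single inventory entry."""
    target = fix_target(version)
    if target is None:
        return f"Crowd {version}: not affected (at or above fixed release)"
    return f"Crowd {version}: AFFECTED, upgrade to {'.'.join(map(str, target))} or higher"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for entry in ["2.9.1", "3.0.4", "3.2.7", "3.2.8", "3.4.3", "3.4.4-RC1", "3.5.0"]:
        print(describe(entry))
```

Run it as a script to print a verdict per inventory entry, or import is_affected and fix_target into a larger asset-review job. Versions are compared as integer tuples rather than strings so that, for example, 3.2.10 correctly sorts above 3.2.8.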

References

<https://jira.atlassian.com/browse/CWD-5388>

Limitations

This exploit installs a plugin that registers a servlet on the target. The plugin stays installed after the check completes and is not cleaned up automatically; it must be removed manually through Crowd's plugin administration.

Platforms

Windows
Linux