17 matches found
DoS (Denial of Service) in Crowd Data Center and Server
This High severity DoS Denial of Service vulnerability known as CVE-2022-25927 was introduced in versions 5.3.1, 6.0.0, 6.1.0, 6.2.0, 6.3.0, 7.0.0, and 7.1.0 of Crowd Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVE-2026-21569
This High severity XXE XML External Entity Injection vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high...
EUVD-2026-4913
This High severity XXE XML External Entity Injection vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high...
CVE-2026-21569
This High severity XXE XML External Entity Injection vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high...
DoS (Denial of Service) org.apache.commons:commons-fileupload2-core Dependency in Crowd Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to access...
XXE (XML External Entity Injection) org.apache.tika:tika-core Dependency in Crowd Data Center and Server
This is a vulnerability in a non-Atlassian Crowd dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This High severity XXE XML External Entity Injection vulnerability was introduced in versions 6.3.0, 6.3.1, 6.3.2, 7.1.0, and 7.1.1 of Crowd Data...
Insecure Deserialization kind-of Dependency in Crowd Data Center and Server
This High severity Insecure Deserialization vulnerability was introduced in versions 2.0.1, 3.2.2, 6.3.0, 7.0.0, and 7.1.0 of Crowd Data Center and Server. This Insecure Deserialization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N allow...
XXE (XML External Entity Injection) Tika Dependency Vulnerability in Crowd Data Center and Server
This Crowd release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path for exploitation...
DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to expos...
DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to expos...
CVE-2023-22521
This High severity RCE Remote Code Execution vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.0, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality,...
Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability
Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enable...
Atlassian Crowd and Atlassian Jira Access Control Error Vulnerability
Atlassian Crowd and Atlassian Jira are both products of Atlassian Australia. Atlassian Crowd is a web-based single sign-on system. The system provides authentication, authorization and other functions for multiple users, web applications and directory servers. Atlassian Jira is a defect tracking...
Crowd: Multiple Servlet Filter Vulnerabilities
Multiple Servlet Filter vulnerabilities have been fixed in Crowd Server and Data Center. These vulnerabilities also affect other Atlassian products. For more information, refer to Atlassian's security...
DoS (Denial of Service) in Crowd Data Center and Crowd Server - CVE-2022-29885
h2. Summary of Vulnerability This critical severity DoS Denial of Service vulnerability known as CVE-2022-29885 was introduced in version 4.0.0 of Crowd Data Center and Crowd Server. h2. Affected Versions ||Product||Affected Versions|| |Crowd Data Center Crowd Server|- 4.0.0 - 5.0.0| h2. Fixed...
Disabled users still receive 'Share Page' emails sent to groups
Steps to Reproduce in Confluence: Create a user, and set to 'Disabled' Create a Group and make this user a member of this group Share a page with the group This results in an email being sent to the inactive user Steps to Reproduce with a Crowd server handling user management: Same as above, but...
Disabled users still receive 'Share Page' emails sent to groups
Steps to Reproduce in Confluence: Create a user, and set to 'Disabled' Create a Group and make this user a member of this group Share a page with the group This results in an email being sent to the inactive user Steps to Reproduce with a Crowd server handling user management: Same as above, but...