CVE-2019-20902
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1...
Code injection
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1...
CVE-2019-20902
Summary: CVE-2019-20902 describes a vulnerability in Crowd where upgrading via XML Data Transfer can reactivate a disabled OpenLDAP user. The issue affects Crowd versions prior to 3.4.6 and 3.5.0 prior to 3.5.1; fixed in 3.4.6 and 3.5.1+ (per records). Impact/behavior: during upgrade, disabled Op...
Upgrading Crowd via XML Data Transfer reactivate disabled user from OpenLDAP - CVE-2019-20902
h3. Issue Summary
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP.
h3. Environment
Crowd 3.x.x OpenLDAP
h3. Steps to Reproduce
Install Crowd 3.1.1 and connect with OpenLDAP directory.
Synchronise the OpenLDAP directory.
Disable one of the users from OpenLDAP...