5 matches found
EUVD-2017-8032
Malware in sbrugna...
Atlassian Crowd crowd-application plugin module user forgery vulnerability
Atlassian Crowd is a web-based single sign-on system from Atlassian Australia. The system provides authentication, authorization and other functions for multiple users, web applications and directory servers. The crowd-application plugin module is one of the SSO management plugins. A security...
CVE-2017-16858
The 'crowd-application' plugin module notably used by the Google Apps plugin in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given th...
Crowd gives more admin permissions than is apparent
When a Crowd application has multiple directories added to it, and a group which is authorised to log into Crowd, all directories with that group are allowed to log in to Crowd. However, the UI makes it seem as though only a group in the chosen directory is allowed to log in. Steps to reproduce:...
Crowd gives more admin permissions than is apparent
When a Crowd application has multiple directories added to it, and a group which is authorised to log into Crowd, all directories with that group are allowed to log in to Crowd. However, the UI makes it seem as though only a group in the chosen directory is allowed to log in. Steps to reproduce:...