4 matches found
CVE-2022-43782
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the usermanagement path. This vulnerability can only be exploited by IPs specified under the...
Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products
Australian software company Atlassian has rolled out security updates to address two critical flaws affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as CVE-2022-43781 and CVE-2022-43782, are both rated 9 out of 10 on the CVSS vulnerability scoring system...
CVE-2022-43782
CVE-2022-43782 affects Atlassian Crowd. Affected: Crowd versions 3.x, 4.x before 4.4.4, and 5.x before 5.0.3. Root cause: security misconfiguration allows an attacker from an IP on the crowd application allowlist to authenticate as the crowd application and call privileged endpoints in Crowd’s RE...
Crowd DC Critical Security Misconfiguration Vulnerability - CVE-2022-43782
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and call privileged endpoints in Crowd's REST API under the usermanagement path. This vulnerability can only be exploited by IPs specified under the crowd application...