Crowd@3.3.0 Security Vulnerabilities and Issues — Crowd@3.3.0 CVE List

Lucene search

AtlassianCrowd3.3.0

3 matches found

CVE•added 2019/06/03 2:29 p.m.•982 views

CVE-2019-11580

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits rem...

9.8CVSS9.5AI score0.94406EPSS

In wildWeb

CVE•added 2020/02/06 3:15 a.m.•109 views

CVE-2019-20104

The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability.

7.5CVSS7.6AI score0.02432EPSS

CVE•added 2019/02/13 6:29 p.m.•35 views

CVE-2018-20238

Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.

8.1CVSS8AI score0.00173EPSS