Crowd Security Vulnerabilities and Issues — Crowd CVE List

Lucene search

AtlassianCrowd

4 matches found

CVE•added 2019/12/17 4:15 a.m.•78 views

CVE-2017-18107

Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.

6.5CVSS6.5AI score0.00411EPSS

CVE•added 2018/01/31 2:29 p.m.•43 views

CVE-2017-16858

The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given th...

6.8CVSS6.5AI score0.00135EPSS

CVE•added 2019/03/29 2:29 p.m.•32 views

CVE-2017-18110

The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability.

6.5CVSS6.3AI score0.00171EPSS

CVE•added 2019/03/29 2:29 p.m.•31 views

CVE-2017-18109

The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.

6.1CVSS6.2AI score0.00148EPSS