Latest atlassian crowd Vulnerabilities

CVE-2023-22521
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8....
Atlassian Crowd>=3.4.0<5.1.6
Atlassian Crowd=5.2.0
CVE-2022-26137
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassi...
Atlassian Bamboo>=7.2.0<7.2.10
Atlassian Bamboo>=8.0.0<8.0.9
Atlassian Bamboo>=8.1.0<8.1.8
Atlassian Bamboo>=8.2.0<8.2.4
Atlassian Bitbucket<7.6.16
Atlassian Bitbucket>=7.7.0<7.17.8
and 36 more
CVE-2022-26136
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by e...
Atlassian Bamboo>=7.2.0<7.2.10
Atlassian Bamboo>=8.0.0<8.0.9
Atlassian Bamboo>=8.1.0<8.1.8
Atlassian Bamboo>=8.2.0<8.2.4
Atlassian Bitbucket<7.6.16
Atlassian Bitbucket>=7.7.0<7.17.8
and 36 more
CVE-2020-36240
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF di...
Atlassian Crowd<4.0.4
Atlassian Crowd>=4.1.0<4.1.2
CVE-2019-20902
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.
Atlassian Crowd<3.4.6
Atlassian Crowd>=3.5.0<3.5.1
CVE-2019-20104
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vul...
Atlassian Crowd<3.2.11
Atlassian Crowd>=3.3.0<3.3.8
Atlassian Crowd>=3.4.0<3.4.7
Atlassian Crowd>=3.5.0<3.5.2
Atlassian Crowd>=3.6.0<3.6.2
Atlassian Crowd>=3.6.3<3.7.1
and 1 more
CVE-2017-18107
Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) v...
Atlassian Crowd<3.1.1
CVE-2019-15005
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to ...
Atlassian Troubleshooting and Support<1.17.2
Atlassian Bamboo<6.10.2
Atlassian Bitbucket<6.6.0
Atlassian Confluence<7.0.1
Atlassian Crowd<3.6.0
Atlassian Crucible<4.7.2
and 2 more
CVE-2019-11580
Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability
Atlassian Crowd>=2.1.0<3.0.5
Atlassian Crowd>=3.1.0<3.1.6
Atlassian Crowd>=3.2.0<3.2.8
Atlassian Crowd>=3.3.0<3.3.5
Atlassian Crowd>=3.4.0<3.4.4
CVE-2018-20239
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attacker...
Atlassian Application Links<5.0.11
Atlassian Application Links>=5.1.0<5.2.10
Atlassian Application Links>=5.3.0<5.3.6
Atlassian Application Links>=5.4.0<5.4.12
Atlassian Application Links>=6.0.0<6.0.4
Atlassian Confluence Data Center<6.15.2
and 8 more
CVE-2017-18110
The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulne...
Atlassian Crowd<3.0.2
Atlassian Crowd=3.1.0
CVE-2017-18106
The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remot...
Atlassian Crowd<2.9.1
CVE-2017-18109
The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as...
Atlassian Crowd<3.0.2
Atlassian Crowd=3.1.0
CVE-2017-18108
The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.
Atlassian Crowd<2.10.2
CVE-2017-18105
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain...
Atlassian Crowd<3.0.2
Atlassian Crowd>=3.1.0<3.1.1
CVE-2018-20238
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient sess...
Atlassian Crowd<3.2.7
Atlassian Crowd>=3.3.0<3.3.4
CVE-2016-10740
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to request...
Atlassian Crowd<2.10.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203