First published: Fri Mar 29 2019
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers who have previously obtained a user's JSESSIONID cookie to gain access to some of the built-in and potentially third-party REST resources via a session fixation vulnerability.
Credit: security@atlassian.com
Affected Software | Affected Version | How to fix |
---|---|---|
Atlassian Crowd | <3.0.2 | |
Atlassian Crowd | >=3.1.0 <3.1.1 | |
The vulnerability ID for this issue is CVE-2017-18105.
The severity of CVE-2017-18105 is high.
The affected software for CVE-2017-18105 is Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1.
CVE-2017-18105 is a vulnerability in the console login resource of Atlassian Crowd that allows remote attackers to gain access to built-in and third-party REST resources via a session fixation vulnerability.
Yes, a fix is available for CVE-2017-18105. It is recommended to update to version 3.1.1 or later of Atlassian Crowd.