Latest Atlassian Crowd Vulnerabilities

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8....
Atlassian Crowd >= 3.4.0, < 5.1.6
Atlassian Crowd = 5.2.0
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API un...
Atlassian Crowd >= 3.0.0, < 4.4.4
Atlassian Crowd >= 5.0.0, < 5.0.3
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassi...
Atlassian Bamboo >= 7.2.0, < 7.2.10
Atlassian Bamboo >= 8.0.0, < 8.0.9
Atlassian Bamboo >= 8.1.0, < 8.1.8
Atlassian Bamboo >= 8.2.0, < 8.2.4
Atlassian Bitbucket < 7.6.16
Atlassian Bitbucket >= 7.7.0, < 7.17.8
and 36 more
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by e...
Atlassian Bamboo >= 7.2.0, < 7.2.10
Atlassian Bamboo >= 8.0.0, < 8.0.9
Atlassian Bamboo >= 8.1.0, < 8.1.8
Atlassian Bamboo >= 8.2.0, < 8.2.4
Atlassian Bitbucket < 7.6.16
Atlassian Bitbucket >= 7.7.0, < 7.17.8
and 36 more
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF di...
Atlassian Crowd < 4.0.4
Atlassian Crowd >= 4.1.0, < 4.1.2
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.
Atlassian Crowd < 3.4.6
Atlassian Crowd >= 3.5.0, < 3.5.1
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vul...
Atlassian Crowd < 3.2.11
Atlassian Crowd >= 3.3.0, < 3.3.8
Atlassian Crowd >= 3.4.0, < 3.4.7
Atlassian Crowd >= 3.5.0, < 3.5.2
Atlassian Crowd >= 3.6.0, < 3.6.2
Atlassian Crowd >= 3.6.3, < 3.7.1
and 1 more
Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to add, modify and delete users & groups via a Cross-site request forgery (CSRF) v...
Atlassian Crowd < 3.1.1
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to ...
Atlassian Troubleshooting and Support < 1.17.2
Atlassian Bamboo < 6.10.2
Atlassian Bitbucket < 6.6.0
Atlassian Confluence < 7.0.1
Atlassian Crowd < 3.6.0
Atlassian Crucible < 4.7.2
and 2 more
Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability
Atlassian Crowd >= 2.1.0, < 3.0.5
Atlassian Crowd >= 3.1.0, < 3.1.6
Atlassian Crowd >= 3.2.0, < 3.2.8
Atlassian Crowd >= 3.3.0, < 3.3.5
Atlassian Crowd >= 3.4.0, < 3.4.4
Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attacker...
Atlassian Application Links < 5.0.11
Atlassian Application Links >= 5.1.0, < 5.2.10
Atlassian Application Links >= 5.3.0, < 5.3.6
Atlassian Application Links >= 5.4.0, < 5.4.12
Atlassian Application Links >= 6.0.0, < 6.0.4
Atlassian Confluence Data Center < 6.15.2
and 8 more
The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory; this allows remot...
Atlassian Crowd < 2.9.1
The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via an XXE vulne...
Atlassian Crowd < 3.0.2
Atlassian Crowd = 3.1.0
The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.
Atlassian Crowd < 2.10.2
The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as...
Atlassian Crowd < 3.0.2
Atlassian Crowd = 3.1.0
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain...
Atlassian Crowd < 3.0.2
Atlassian Crowd >= 3.1.0, < 3.1.1
Various REST resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient sess...
Atlassian Crowd < 3.2.7
Atlassian Crowd >= 3.3.0, < 3.3.4
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to request...
Atlassian Crowd < 2.10.1

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203