Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atlassian crowd vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2013-3925
Atlassian Crowd 2.5.x prior to 2.5.4, 2.6.x prior to 2.6.3, 2.3.8, and 2.4.9 allows remote malicious users to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity decla...
Atlassian Crowd 2.5.2
Atlassian Crowd 2.5.1
Atlassian Crowd 2.5.3
Atlassian Crowd 2.5.0
Atlassian Crowd 2.6.0
Atlassian Crowd 2.6.1
Atlassian Crowd 2.6.2
Atlassian Crowd 2.4.9
Atlassian Crowd 2.3.8
1 Article
668
VMScore
CVE-2016-6496
The LDAP directory connector in Atlassian Crowd prior to 2.8.8 and 2.9.x prior to 2.9.5 allows remote malicious users to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.
Atlassian Crowd
Atlassian Crowd 2.9.0
Atlassian Crowd 2.9.1
NA
CVE-2023-22521
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.0, allows an authenticated malicious user to execute arbitrary code which has high ...
Atlassian Crowd
Atlassian Crowd 5.2.0
356
VMScore
CVE-2017-18110
The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote malicious users to read files from the filesystem via a XXE vulnerability.
Atlassian Crowd
Atlassian Crowd 3.1.0
516
VMScore
CVE-2017-18109
The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote malicious users to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.
Atlassian Crowd
Atlassian Crowd 3.1.0
445
VMScore
CVE-2019-20104
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 prior to 3.7.1 allows remote malicious users to perform a Denial of Service attack via an XML Entity Expansion vulnerability.
Atlassian Crowd
445
VMScore
CVE-2020-36240
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 prior to 4.1.2 allowed unauthenticated remote malicious users to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
Atlassian Crowd
668
VMScore
CVE-2019-11580
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins...
Atlassian Crowd
3 Github repositories
445
VMScore
CVE-2019-20902
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 prior to 3.5.1.
Atlassian Crowd
490
VMScore
CVE-2018-20238
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote malicious users to authenticate using an expired user session via an insufficient session expiration vulnerability.
Atlassian Crowd
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »