Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crowd vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2018-20238
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote malicious users to authenticate using an expired user session via an insufficient session expiration vulnerability.
Atlassian Crowd
5.3
CVSSv3
CVE-2020-36240
The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 prior to 4.1.2 allowed unauthenticated remote malicious users to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
Atlassian Crowd
7.5
CVSSv3
CVE-2019-20104
The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 prior to 3.7.1 allows remote malicious users to perform a Denial of Service attack via an XML Entity Expansion vulnerability.
Atlassian Crowd
7.5
CVSSv3
CVE-2019-20902
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 prior to 3.5.1.
Atlassian Crowd
6.8
CVSSv3
CVE-2017-16858
The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an malicious user to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an appl...
Atlassian Crowd
9.8
CVSSv3
CVE-2019-11580
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins...
Atlassian Crowd
3 Github repositories
9.8
CVSSv3
CVE-2022-43782
Affected versions of Atlassian Crowd allow an malicious user to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be explo...
Atlassian Crowd
NA
CVE-2013-3926
Atlassian Crowd 2.6.3 allows remote malicious users to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor." NOTE: as of 20130704, the vendor could not reproduce the issue, stating "We've been unable to substantiate the existenc...
Atlassian Crowd 2.6.3
1 Article
6.5
CVSSv3
CVE-2019-1003097
Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Jenkins Crowd Integration
9.1
CVSSv3
CVE-2012-2926
Atlassian JIRA prior to 5.0.1; Confluence prior to 3.5.16, 4.0 prior to 4.0.7, and 4.1 prior to 4.1.10; FishEye and Crucible prior to 2.5.8, 2.6 prior to 2.6.8, and 2.7 prior to 2.7.12; Bamboo prior to 3.3.4 and 3.4.x prior to 3.4.5; and Crowd prior to 2.0.9, 2.1 prior to 2.1.2, ...
Atlassian Bamboo
Atlassian Confluence
Atlassian Confluence Server
Atlassian Crowd
Atlassian Crucible
Atlassian Fisheye
Atlassian Jira
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »