Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crowd vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-11580
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins...
Atlassian Crowd
3 Github repositories
3.5
CVSSv2
CVE-2018-20239
Application Links before version 5.0.11, from version 5.1.0 prior to 5.2.10, from version 5.3.0 prior to 5.3.6, from version 5.4.0 prior to 5.4.12, and from version 6.0.0 prior to 6.0.4 allows remote malicious users to inject arbitrary HTML or JavaScript via a cross site scriptin...
Atlassian Application Links
Atlassian Fisheye
Atlassian Crucible
Atlassian Jira Server
Atlassian Jira Data Center
Atlassian Confluence Data Center
Atlassian Confluence Server
Atlassian Crowd
4
CVSSv2
CVE-2019-1003097
Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Jenkins Crowd Integration
6
CVSSv2
CVE-2017-18106
The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for auth...
Atlassian Crowd
6.5
CVSSv2
CVE-2017-18108
The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.
Atlassian Crowd
4
CVSSv2
CVE-2017-18110
The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote malicious users to read files from the filesystem via a XXE vulnerability.
Atlassian Crowd
Atlassian Crowd 3.1.0
6.8
CVSSv2
CVE-2017-18105
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources ...
Atlassian Crowd
5.8
CVSSv2
CVE-2017-18109
The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote malicious users to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.
Atlassian Crowd
Atlassian Crowd 3.1.0
5.5
CVSSv2
CVE-2018-20238
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote malicious users to authenticate using an expired user session via an insufficient session expiration vulnerability.
Atlassian Crowd
4
CVSSv2
CVE-2016-10740
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources.
Atlassian Crowd
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »