Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote malicious users to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian crowd |