CyberSec.Space Logo
Back to CVE Browser

CVE-2017-18105

HIGH
8.1
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile26.08th
PublishedMar 29, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.

Affected Platforms (CPE)

📦
Atlassian

Crowd

< 3.0.2
📦
Atlassian

Crowd

>= 3.1.0 and < 3.1.1

References & Advisories

🔗 https://jira.atlassian.com/browse/CWD-5072
🔗 https://jira.atlassian.com/browse/CWD-5072

Related Vulnerabilities

CVE-2019-115809.8

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who c...

CVE-2016-64969.8

The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary c...

CVE-2012-29269.1

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8,...

CVE-2018-202388.1

Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers ...