CVE-2018-20238

HIGH

8.1

CVSS Severity Score

EPSS Score0.0520%

EPSS Percentile7.47th

PublishedFeb 13, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.

Affected Platforms (CPE)

📦

Atlassian

Crowd

< 3.2.7

📦

Atlassian

Crowd

>= 3.3.0 and < 3.3.4

References & Advisories

🔗 http://www.securityfocus.com/bid/107036

🔗 https://jira.atlassian.com/browse/CWD-5361

🔗 http://www.securityfocus.com/bid/107036

🔗 https://jira.atlassian.com/browse/CWD-5361

Vulnerability Description

Affected Platforms (CPE)

Crowd

Crowd

References & Advisories

Related Vulnerabilities