CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-18105

HIGH
8.1
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile26.08th
Published2019年3月29日
Last Modified2024年11月21日

Vulnerability Description

The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.

Affected Platforms (CPE)

📦
Atlassian

Crowd

< 3.0.2
📦
Atlassian

Crowd

>= 3.1.0 and < 3.1.1

References & Advisories

🔗 https://jira.atlassian.com/browse/CWD-5072
🔗 https://jira.atlassian.com/browse/CWD-5072

相關漏洞威脅

CVE-2019-115809.8

Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who c...

CVE-2016-64969.8

The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary c...

CVE-2012-29269.1

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8,...

CVE-2018-202388.1

Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers ...