Vulnerability in Atlassian Crowd
CVE-2017-18106
The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Cro…
EPSS: 0.005 (68.0th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Crowd — versions unspecified
References
- jira.atlassian.com/browse/CWD-5061 (x_refsource_MISC)