Vulnerability in Atlassian Crowd
CVE-2017-18107
Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the…
EPSS: 0.004 (61.8th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Crowd — versions unspecified
References
- jira.atlassian.com/browse/CWD-5091 (x_refsource_MISC)