Vulnerability in Atlassian Crowd
CVE-2018-20238
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.
EPSS: 0.002 (42.6th percentile) — read the EPSS interpretation.
Affected products
- Atlassian Crowd — versions unspecified, 3.3.0
References
- jira.atlassian.com/browse/CWD-5361 (x_refsource_CONFIRM)
- 107036 (vdb-entry, x_refsource_BID)