Vulnerability in Atlassian Crowd

CVE-2019-20902

Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.

EPSS: 0.003 (53.7th percentile) — read the EPSS interpretation.

Affected products

Atlassian Crowd — versions unspecified, 3.5.0, unspecified

References

jira.atlassian.com/browse/CWD-5409 (x_refsource_MISC)