Vulnerability in Atlassian Crowd Data Center
CVE-2022-43782
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the usermanagement path. This…
EPSS: 0.008 (75.2th percentile)
Affected products
- Atlassian Crowd Data Center — versions before 3.0.0, before 4.4.4, before 5.0.3
- Atlassian Crowd Server — versions before 3.0.0, before 4.4.4, before 5.0.3
Frequently asked questions
- What is CVE-2022-43782?
- CVE-2022-43782 is a vulnerability in Atlassian Crowd Data Center. Published 2022-11-17.
- Is CVE-2022-43782 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.