Atlassian Crowd
17 CVEs affecting Atlassian Crowd. Latest disclosed: 2021-03-01. Critical: 2, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-6496 | Critical | 9.8 | 2016-12-09 | The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute wit… |
| CVE-2012-2926 | Critical | 9.1 | 2012-05-22 | Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 be… |
| CVE-2020-36240 | | | 2021-03-01 | The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbit… |
| CVE-2019-20902 | | | 2020-10-01 | Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3… |
| CVE-2019-20104 | | | 2020-02-06 | The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Servi… |
| CVE-2017-18107 | | | 2019-12-17 | Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to add, modify and delete users & groups… |
| CVE-2019-15005 | | | 2019-11-08 | The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results… |
| CVE-2019-11580 | | | 2019-06-03 | Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or au… |
| CVE-2017-18110 | | | 2019-03-29 | The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read… |
| CVE-2017-18109 | | | 2019-03-29 | The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to… |
| CVE-2017-18108 | | | 2019-03-29 | The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary… |
| CVE-2017-18106 | | | 2019-03-29 | The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in… |
| CVE-2017-18105 | | | 2019-03-29 | The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obt… |
| CVE-2018-20238 | | | 2019-02-13 | Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expi… |
| CVE-2017-16858 | | | 2018-01-31 | The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker t… |
| CVE-2013-3926 | | | 2013-07-01 | Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor." NOTE: as of 20130704, t… |
| CVE-2013-3925 | | | 2013-07-01 | Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet ser… |