2019-02-13 19:29:00 2019-02-16 12:29:00

Various REST resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.

Vector: NETWORK
Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE

Atlassian Crowd 2.3.8, Atlassian Crowd 2.3.7, Atlassian Crowd 2.3.6, Atlassian Crowd 2.3.4, Atlassian Crowd 2.3.3, Atlassian Crowd 2.3.2, Atlassian Crowd 2.3.1, Atlassian Crowd 2.2.9, Atlassian Crowd 2.2.7, Atlassian Crowd 2.2.4, Atlassian Crowd 2.2.2, Atlassian Crowd 2.1.2, Atlassian Crowd 2.1.1, Atlassian Crowd 2.1 beta4, Atlassian Crowd 2.1 beta2, Atlassian Crowd 2.1, Atlassian Crowd 2.0.9, Atlassian Crowd 2.0.7, Atlassian Crowd 2.0.6, Atlassian Crowd 2.0.5, Atlassian Crowd 2.0.4, Atlassian Crowd 2.0.3, Atlassian Crowd 2.0.2, Atlassian Crowd 2.0.1, Atlassian Crowd 2.0 beta, Atlassian Crowd 2.0, Atlassian Crowd 1.6.3, Atlassian Crowd 1.6.1, Atlassian Crowd 1.6, Atlassian Crowd 1.5.3, Atlassian Crowd 1.5.2, Atlassian Crowd 1.5.1, Atlassian Crowd 1.5, Atlassian Crowd 1.4.8, Atlassian Crowd 1.4.7, Atlassian Crowd 1.4.4, Atlassian Crowd 1.4.3, Atlassian Crowd 1.4.2, Atlassian Crowd 1.4.1, Atlassian Crowd 1.4, Atlassian Crowd 1.3.3, Atlassian Crowd 1.3.2, Atlassian Crowd 1.3.1, Atlassian Crowd 1.3, Atlassian Crowd 1.2.4, Atlassian Crowd 1.2.2, Atlassian Crowd 1.2.1, Atlassian Crowd 1.2, Atlassian Crowd 1.1.2, Atlassian Crowd 1.1.1, Atlassian Crowd 1.1.0, Atlassian Crowd 1.0.7, Atlassian Crowd 1.0.6, Atlassian Crowd 1.0.5, Atlassian Crowd 1.0.4, Atlassian Crowd 1.0.3, Atlassian Crowd 1.0.2, Atlassian Crowd 1.0.1, Atlassian Crowd 1.0.0, Atlassian Crowd 0.4.5 beta, Atlassian Crowd 0.4.4 beta, Atlassian Crowd 0.4.3 beta, Atlassian Crowd 0.4.2 beta, Atlassian Crowd 0.4.1 beta, Atlassian Crowd 0.4 beta, Atlassian Crowd 0.3.3, Atlassian Crowd 0.3.2 beta, Atlassian Crowd 0.3 beta, Atlassian Crowd 0.2 beta, Atlassian Crowd 2.4, Atlassian Crowd 2.4.1, Atlassian Crowd 2.4.2, Atlassian Crowd 2.4.9, Atlassian Crowd 2.5.0, Atlassian Crowd 2.5.1, Atlassian Crowd 2.5.2, Atlassian Crowd 2.5.3, Atlassian Crowd 2.5.4, Atlassian Crowd 2.6.0, Atlassian Crowd 2.6.1, Atlassian Crowd 2.6.2, Atlassian Crowd 2.6.3, Atlassian Crowd 2.8.4 (not an official CPE), Atlassian Crowd 2.9.0 (not an official CPE), Atlassian Crowd 2.9.1 (not an official CPE)
Advisory Patch Confirmed Link
https://jira.atlassian.com/browse/CWD-5361
107036