2019-02-13 19:29:00 2019-02-26 16:42:57

Various REST resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.

Vector: NETWORK
Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE

Atlassian Crowd 2.3.9 (not an official CPE)
Atlassian Crowd 2.3.8
Atlassian Crowd 2.3.7
Atlassian Crowd 2.3.6
Atlassian Crowd 2.3.4
Atlassian Crowd 2.3.3
Atlassian Crowd 2.3.2
Atlassian Crowd 2.3.1
Atlassian Crowd 2.2.9
Atlassian Crowd 2.2.7
Atlassian Crowd 2.2.4
Atlassian Crowd 2.2.2
Atlassian Crowd 2.1.2
Atlassian Crowd 2.1.1
Atlassian Crowd 2.1 beta4
Atlassian Crowd 2.1 beta2
Atlassian Crowd 2.1
Atlassian Crowd 2.0.9
Atlassian Crowd 2.0.7
Atlassian Crowd 2.0.6
Atlassian Crowd 2.0.5
Atlassian Crowd 2.0.4
Atlassian Crowd 2.0.3
Atlassian Crowd 2.0.2
Atlassian Crowd 2.0.1
Atlassian Crowd 2.0 beta
Atlassian Crowd 2.0
Atlassian Crowd 1.6.3
Atlassian Crowd 1.6.1
Atlassian Crowd 1.6
Atlassian Crowd 1.5.3
Atlassian Crowd 1.5.2
Atlassian Crowd 1.5.1
Atlassian Crowd 1.5
Atlassian Crowd 1.4.8
Atlassian Crowd 1.4.7
Atlassian Crowd 1.4.4
Atlassian Crowd 1.4.3
Atlassian Crowd 1.4.2
Atlassian Crowd 1.4.1
Atlassian Crowd 1.4
Atlassian Crowd 1.3.3
Atlassian Crowd 1.3.2
Atlassian Crowd 1.3.1
Atlassian Crowd 1.3
Atlassian Crowd 1.2.4
Atlassian Crowd 1.2.2
Atlassian Crowd 1.2.1
Atlassian Crowd 1.2
Atlassian Crowd 1.1.2
Atlassian Crowd 1.1.1
Atlassian Crowd 1.1.0
Atlassian Crowd 1.0.7
Atlassian Crowd 1.0.6
Atlassian Crowd 1.0.5
Atlassian Crowd 1.0.4
Atlassian Crowd 1.0.3
Atlassian Crowd 1.0.2
Atlassian Crowd 1.0.1
Atlassian Crowd 1.0.0
Atlassian Crowd 0.4.5 beta
Atlassian Crowd 0.4.5 - (not an official CPE)
Atlassian Crowd 0.4.4 beta
Atlassian Crowd 0.4.4 - (not an official CPE)
Atlassian Crowd 0.4.3 beta
Atlassian Crowd 0.4.3 - (not an official CPE)
Atlassian Crowd 0.4.2 beta
Atlassian Crowd 0.4.2 - (not an official CPE)
Atlassian Crowd 0.4.1 beta
Atlassian Crowd 0.4.1 - (not an official CPE)
Atlassian Crowd 0.4 beta
Atlassian Crowd 0.4 - (not an official CPE)
Atlassian Crowd 0.3.3 Beta (not an official CPE)
Atlassian Crowd 0.3.3
Atlassian Crowd 0.3.2 beta
Atlassian Crowd 0.3.2 - (not an official CPE)
Atlassian Crowd 0.3 beta
Atlassian Crowd 0.3 - (not an official CPE)
Atlassian Crowd 0.2 beta
Atlassian Crowd 0.2 - (not an official CPE)
Atlassian Crowd 2.4
Atlassian Crowd 2.4.1
Atlassian Crowd 2.4.2
Atlassian Crowd 2.4.9
Atlassian Crowd 2.4.10 (not an official CPE)
Atlassian Crowd 2.5 (not an official CPE)
Atlassian Crowd 2.5.0
Atlassian Crowd 2.5.1
Atlassian Crowd 2.5.2
Atlassian Crowd 2.5.3
Atlassian Crowd 2.5.4
Atlassian Crowd 2.6.0
Atlassian Crowd 2.6.1
Atlassian Crowd 2.6.2
Atlassian Crowd 2.6.3
Atlassian Crowd 2.8.4 (not an official CPE)
Atlassian Crowd 2.9.0 (not an official CPE)
Atlassian Crowd 2.9.1 (not an official CPE)
Atlassian Crowd 2.9.5 (not an official CPE)
Atlassian Crowd 2.9.7 (not an official CPE)
Atlassian Crowd 2.10.1 (not an official CPE)
Atlassian Crowd 3.0.0 - (not an official CPE)
Atlassian Crowd 3.0.1 - (not an official CPE)
Atlassian Crowd 3.0.2 - (not an official CPE)
Atlassian Crowd 3.0.3 - (not an official CPE)
Atlassian Crowd 3.1.1 - (not an official CPE)
Atlassian Crowd 3.1.2 (not an official CPE)
Atlassian Crowd 3.1.3 - (not an official CPE)
Atlassian Crowd 3.1.4 - (not an official CPE)
Atlassian Crowd 3.1.5 - (not an official CPE)
Atlassian Crowd 3.2.0 - (not an official CPE)
Atlassian Crowd 3.2.1 - (not an official CPE)
Atlassian Crowd 3.2.2 - (not an official CPE)
Atlassian Crowd 3.2.3 - (not an official CPE)
Atlassian Crowd 3.2.5 - (not an official CPE)
Atlassian Crowd 3.2.6 - (not an official CPE)
Atlassian Crowd 3.3.0 (not an official CPE)
Atlassian Crowd 3.3.1 - (not an official CPE)
Atlassian Crowd 3.3.2 - (not an official CPE)
Atlassian Crowd 3.3.3 - (not an official CPE)

Advisory Patch Confirmed Link
107036
https://jira.atlassian.com/browse/CWD-5361