Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2 allowed an attacker to impersonate a Crowd user in REST requests by being able to authenticate to a directory bound to an application using the feature. Given the following situation: the Crowd application is bound to directory 1 and has a user called admin and the Google Apps application is bound to directory 2, which also has a user called admin, it was possible to authenticate REST requests using the credentials of the user coming from directory 2 and impersonate the user from directory 1.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Atlassian Crowd crowd-application插件模块安全漏洞
Vulnerability Description
Atlassian Crowd是澳大利亚Atlassian公司的一套基于Web的单点登录系统。该系统为多用户、网络应用程序和目录服务器提供验证、授权等功能。crowd-application plugin module是其中的一个SSO管理插件。 Atlassian Crowd 1.5.0版本至3.1.2版本(不包括3.1.2版本)中的crowd-application插件模块存在安全漏洞。攻击者可利用该漏洞在REST请求中伪造Crowd用户。
CVSS Information
N/A
Vulnerability Type
N/A