Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Atlassian Crowd 授权问题漏洞
Vulnerability Description
Atlassian Crowd是澳大利亚Atlassian公司的一套基于Web的单点登录系统。该系统为多用户、网络应用程序和目录服务器提供验证、授权等功能。 Atlassian Crowd存在安全漏洞,该漏洞源于其允许攻击者通过错误的安全配置验证为人群应用程序,并能够调用Crowd REST API中{{usermanagement}}路径下的特权端点。
CVSS Information
N/A
Vulnerability Type
N/A