Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE (XML External Entity Injection) vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high impact to confidentiality, low impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Crowd Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Crowd Data Center and Server 7.1: Upgrade to a release greater than or equal to 7.1.3 See the release notes (https://confluence.atlassian.com/crowd/crowd-release-notes-199094.html). You can download the latest version of Crowd Data Center and Server from the download center (https://www.atlassian.com/software/crowd/download-archive). This vulnerability was reported via our Atlassian (Internal) program.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Atlassian Crowd Data Center 安全漏洞
Vulnerability Description
Atlassian Crowd Data Center是澳大利亚Atlassian公司的Crowd的集群部署版。 Atlassian Crowd Data Center 7.1.0及之后版本存在安全漏洞,该漏洞源于XML外部实体注入,可能导致访问本地和远程内容。
CVSS Information
N/A
Vulnerability Type
N/A