Details
- Bug
- Resolution: Fixed
- Medium
- None
- None
- 3.5
Description
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.
LDAP directory credentials can be found when viewing the source of /plugins/servlet/embedded-crowd/configure/delegatingldap/. An attacker can obtain these credentials either through cross-site scripting or after gaining administrative access. The credentials can then be used to extend the attacker's access on the current machine or on additional machines on the network.
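A regression check for this class of disclosure, added here as an example and not taken from the Confluence or Crowd code base: it parses a saved copy of a configuration page and reports secret-bearing form inputs that arrive in the browser with a value already filled in. It assumes the credential is echoed as an input's value attribute, which the report does not state; the field names and both HTML samples are constructed.

```python
from html.parser import HTMLParser

# Assumption: substrings that suggest a secret-bearing field (not product names).
SECRET_HINTS = ("pass", "secret", "credential")


class PrefilledSecretFinder(HTMLParser):
    """Collects <input> elements that ship a secret value in the page source."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}  # valueless attributes arrive as None
        name = a.get("name", "") or a.get("id", "")
        kind = a.get("type", "text").lower()
        looks_secret = kind == "password" or any(
            hint in name.lower() for hint in SECRET_HINTS
        )
        # A secret field is acceptable only when the server leaves it empty.
        if looks_secret and a.get("value", "").strip():
            self.findings.append((name, kind))


def find_prefilled_secrets(html):
    """Return (field name, input type) for every pre-populated secret field."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: the stored bind password is echoed back into the form.
VULNERABLE_PAGE = """
<form method="post">
  <input type="text" name="ldapUserDn" value="cn=svc-bind,dc=example,dc=test">
  <input type="password" name="ldapPassword" value="constructed-secret">
  <input type="hidden" name="bindSecret" value="constructed-secret"/>
</form>
"""

# Constructed sample: the form renders the secret field empty.
FIXED_PAGE = """
<form method="post">
  <input type="text" name="ldapUserDn" value="cn=svc-bind,dc=example,dc=test">
  <input type="password" name="ldapPassword" value="" autocomplete="off">
</form>
"""

if __name__ == "__main__":
    print("vulnerable:", find_prefilled_secrets(VULNERABLE_PAGE))
    print("fixed:", find_prefilled_secrets(FIXED_PAGE))
```

Run against the rendered HTML of each directory configuration form in a test instance, an empty result means no stored secret was sent back to the browser.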
Issue Links
- has a regression in
  - JRASERVER-38149 When editing an existing Crowd directory to change the application password, the application password value is reset to the old value after clicking "Test Settings" (Closed)
- is cloned from
  - JRASERVER-29656 LDAP Username and Password Disclosure - Embedded Crowd (Closed)
- relates to
  - CONFCLOUD-36047 LDAP Username and Password Disclosure - Embedded Crowd (Closed)
- duplicates
  - EMBCWD-958