[CWD-5060] Various resources included the current remote directory password in their responses - CVE-2016-10740 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Medium
Resolution: Fixed
Affects Version/s: 2.8, 2.9.1
Fix Version/s: 2.10.1
Component/s: None
Labels:

Symptom Severity:
Severity 1 - Critical
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Various resources in Atlassian Crowd before before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories via examining the responses of various resources.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: SecurityB

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Mar/2018 9:08 AM

Updated:: 02/Jan/2020 3:58 AM

Resolved:: 08/Mar/2018 9:44 AM