[CWD-5060] Various resources included the current remote directory password in their responses - CVE-2016-10740 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Medium
Resolution: Fixed
Affects Version/s: 2.8, 2.9.1
Fix Version/s: 2.10.1
Component/s: None
Labels:

Symptom Severity:
Severity 1 - Critical
Last commented by user?:
false
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Various resources in Atlassian Crowd before before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories via examining the responses of various resources.

Attachments

Activity

People

Assignee:

Unassigned

Reporter:

SecurityB

Participants:

SecurityB

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

08/Mar/2018 9:08 AM

Updated:

29/Jan/2019 2:56 AM

Resolved:

08/Mar/2018 9:44 AM

Last commented:

49 weeks, 5 days ago