- Bug
- Resolution: Fixed
- Medium
- 2.8, 2.9.1
- None
- Severity 1 - Critical
Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses of those resources.
[CWD-5060] Various resources included the current remote directory password in their responses - CVE-2016-10740
Labels | Original: CVE-2016-10740 advisory advisory-released cvss-medium security | New: CVE-2016-10740 advisory advisory-released cvss-medium information-disclosure security |
Workflow | Original: Simplified Crowd Development Workflow v2 - restricted [ 2642973 ] | New: JAC Bug Workflow v3 [ 3365786 ] |
Labels | Original: CVE-2016-10740 advisory advisory-to-release cvss-medium security | New: CVE-2016-10740 advisory advisory-released cvss-medium security |
Labels | Original: advisory advisory-to-release cvss-medium security | New: CVE-2016-10740 advisory advisory-to-release cvss-medium security |
Summary | Original: Various resources included the current remote directory password in their responses | New: Various resources included the current remote directory password in their responses - CVE-2016-10740 |
Security | Original: Atlassian Staff [ 10750 ] |
Labels | Original: advisory advisory-to-release breaches-security-sla cvss-medium security | New: advisory advisory-to-release cvss-medium security |
Symptom Severity | Original: Critical [ 14430 ] | New: Severity 1 - Critical [ 15830 ] |
Priority | Original: Low [ 4 ] | New: Medium [ 3 ] |
Description | Original: Component in Atlassian Crowd from version 2.8 before version 2.10.1 and from version 2.9.1 before version 2.10.1 allows remote attackers to IMPACT via a VULN_INFO. | New: Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories via examining the responses of various resources. |