[CWD-5062] JNDI injection in the administration SMTP configuration resource - CVE-2017-18108 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: High
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.10.2, 2.11.0
Component/s: None
Labels:

Symptom Severity:
Severity 3 - Minor
Last commented by user?:
true
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.

Attachments

Activity

People

Assignee:

Unassigned

Reporter:

SecurityB

Participants:

SecurityB

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

08/Mar/2018 9:08 AM

Updated:

27/Mar/2019 11:18 PM

Resolved:

08/Mar/2018 9:57 AM

Last commented:

1 year, 19 weeks, 5 days ago