Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-5070

The administration backup restore resource was vulnerable to XXE - CVE-2017-18110

    XMLWordPrintable

    Details

      Description

      The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            security-metrics-bot SecurityB
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Due:
              Created:
              Updated:
              Resolved: