Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-5070

The administration backup restore resource was vulnerable to XXE - CVE-2017-18110

    XMLWordPrintable

    Details

      Description

      The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              security-metrics-bot SecurityB
              Participants:
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Due:
                Created:
                Updated:
                Resolved:
                Last commented:
                1 year, 19 weeks, 4 days ago