Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-5071

Open redirect in the CrowdID login resource - CVE-2017-18109

XMLWordPrintable

      The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.

            [CWD-5071] Open redirect in the CrowdID login resource - CVE-2017-18109

            Security Metrics Bot added a comment - - edited

            This is an independent assessment and you should evaluate its applicability to your own IT environment.
            CVSS v3 score: 3.5 => Low severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity Low
            Privileges Required Low
            User Interaction Required

            Scope Metric

            Scope Unchanged

            Impact Metrics

            Confidentiality Low
            Integrity None
            Availability None

            Security Metrics Bot added a comment - - edited This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 3.5 => Low severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required Low User Interaction Required Scope Metric Scope Unchanged Impact Metrics Confidentiality Low Integrity None Availability None

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: