Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-5071

Open redirect in the CrowdID login resource - CVE-2017-18109

XMLWordPrintable

      The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.

            [CWD-5071] Open redirect in the CrowdID login resource - CVE-2017-18109

            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 - restricted [ 2642983 ] New: JAC Bug Workflow v3 [ 3365973 ]
            David Black made changes -
            Labels Original: advisory advisory-released bugbounty cvss-low open-redirect security unvalidated-redirects New: CVE-2017-18109 advisory advisory-released bugbounty cvss-low open-redirect security unvalidated-redirects
            David Black made changes -
            Summary Original: Open redirect in the CrowdID login resource New: Open redirect in the CrowdID login resource - CVE-2017-18109
            David Black made changes -
            Description Original: The login resource of CrowdId in Atlassian Crowd before version 3.0.2,3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. New: The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.
            Owen made changes -
            Symptom Severity Original: Minor [ 14432 ] New: Severity 3 - Minor [ 15832 ]
            David Black made changes -
            Labels Original: advisory advisory-to-release bugbounty cvss-low open-redirect security unvalidated-redirects New: advisory advisory-released bugbounty cvss-low open-redirect security unvalidated-redirects
            Marcin Kempa made changes -
            Security Original: Atlassian Staff [ 10750 ]
            David Black made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Open [ 1 ] New: Closed [ 6 ]
            David Black made changes -
            Description Original: Component in Atlassian Crowd before version 3.0.2,3.1.1 allows remote attackers to IMPACT via a VULN_INFO. New: The login resource of CrowdId in Atlassian Crowd before version 3.0.2,3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.
            David Black made changes -
            Summary Original: Sanitised security issue 278ed7272d779bd7702e57957b439a752a71f9d33045b825c7137c9523126eaf New: Open redirect in the CrowdID login resource

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: