Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 3.0.2, 3.1.1
Affects Version/s: 3.1.0
Component/s: None
Labels:

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Due:: 03/May/2018

Created:: 08/Mar/2018 9:26 AM

Updated:: 28/Mar/2019 8:50 PM

Resolved:: 08/Mar/2018 10:19 AM

Details

Description

Attachments

Forms

Activity

People

Dates