[CWD-5091] Various resource in the Crowd Demo Application are vulnerable to CSRF - CVE-2017-18107 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Low
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.1.1
Component/s: None
Labels:
- CVE-2017-18107
- advisory
- advisory-released
- bugbounty
- csrf
- cvss-medium
- security
- xsrf

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Mar/2018 11:26 PM

Updated:: 27/Mar/2019 11:13 PM

Resolved:: 22/Mar/2018 11:57 PM