-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Low
-
Affects Version/s: None
-
Component/s: None
-
Severity 2 - Major
Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.