Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-5091

Various resource in the Crowd Demo Application are vulnerable to CSRF - CVE-2017-18107

    XMLWordPrintable

    Details

      Description

      Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            security-metrics-bot Security Metrics Bot
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: