Project: Crowd Data Center
Issue: CWD-5091

Various resources in the Crowd Demo Application are vulnerable to CSRF - CVE-2017-18107

      Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to add, modify and delete users and groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.
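The description names the vulnerability class but not the mechanism. The following is an added illustration, written for this page and not Crowd's code or Atlassian's fix, of why a cookie-authenticated "add user" form can be forged from another site and what the synchronizer-token fix looks like. The handler names, the JSESSIONID cookie, the csrf_token form field, the directory dictionary and the origin https://crowd.example.test are all hypothetical.

```python
"""Synchronizer-token defence against CSRF on a state-changing admin form.

Added illustration, not Crowd's code: the handler names, the JSESSIONID
cookie, the csrf_token field and SITE_ORIGIN are hypothetical.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Origin the hardened handler treats as its own (hypothetical).
SITE_ORIGIN = "https://crowd.example.test"

# Server-side session store: session id -> {"user": ..., "csrf": ...}
SESSIONS: Dict[str, Dict[str, str]] = {}


@dataclass
class Request:
    """Only the parts of an HTTP request the handlers look at."""
    method: str
    cookies: Dict[str, str]
    form: Dict[str, str]
    headers: Dict[str, str] = field(default_factory=dict)


def login(username: str) -> str:
    """Create a session and bind a fresh per-session CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """The token the legitimate page embeds in its form as a hidden field."""
    return SESSIONS[sid]["csrf"]


def _session(req: Request) -> Optional[Dict[str, str]]:
    return SESSIONS.get(req.cookies.get("JSESSIONID", ""))


def add_user_vulnerable(req: Request, directory: Dict[str, str]) -> int:
    """Cookie-only authorisation. The browser attaches JSESSIONID to a
    cross-site form POST as well, so any page an admin visits can add users."""
    if req.method != "POST" or _session(req) is None:
        return 403
    directory[req.form["username"]] = req.form["email"]
    return 200


def add_user_hardened(req: Request, directory: Dict[str, str]) -> int:
    """Same action, plus: the submitted token must equal the one bound to the
    session (constant-time compare), and if the browser sent an Origin or
    Referer header it must be ours. A forging site cannot read the token
    (same-origin policy) and cannot set Origin from an HTML form."""
    sess = _session(req)
    if req.method != "POST" or sess is None:
        return 403
    submitted = req.form.get("csrf_token", "").encode()
    if not hmac.compare_digest(submitted, sess["csrf"].encode()):
        return 403
    source = req.headers.get("Origin") or req.headers.get("Referer", "")
    if source and not source.startswith(SITE_ORIGIN):
        return 403
    directory[req.form["username"]] = req.form["email"]
    return 200


def run_demo() -> Dict[str, object]:
    """Replay one forged and one legitimate submission against both handlers."""
    sid = login("admin")
    cookies = {"JSESSIONID": sid}
    payload = {"username": "mallory", "email": "mallory@attacker.test"}

    # Forged: a form on https://evil.example auto-submitted by the victim's
    # browser. The session cookie rides along; the token does not.
    forged = Request("POST", cookies, dict(payload),
                     headers={"Origin": "https://evil.example"})
    # Legitimate: the admin UI's own form, carrying the hidden token.
    legit = Request("POST", cookies, dict(payload, csrf_token=csrf_token_for(sid)),
                    headers={"Origin": SITE_ORIGIN})

    vuln_dir: Dict[str, str] = {}
    hard_dir: Dict[str, str] = {}
    return {
        "vuln_forged": add_user_vulnerable(forged, vuln_dir),
        "vuln_added": "mallory" in vuln_dir,
        "hard_forged": add_user_hardened(forged, hard_dir),
        "hard_added_by_forgery": "mallory" in hard_dir,
        "hard_legit": add_user_hardened(legit, hard_dir),
        "hard_added_by_admin": "mallory" in hard_dir,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The token is the primary control: it is bound to the session, never placed in a cookie, and compared in constant time. The Origin/Referer check is defence in depth and only rejects when the header is present and foreign, because some browsers and privacy settings omit it on legitimate requests.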


            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 - restricted [ 2647312 ] New: JAC Bug Workflow v3 [ 3365971 ]
            David Black made changes -
            Summary Original: Various resource in the Crowd Demo Application are vulnerable to CSRF New: Various resource in the Crowd Demo Application are vulnerable to CSRF - CVE-2017-18107
            David Black made changes -
            Labels Original: advisory advisory-released bugbounty csrf cvss-medium security xsrf New: CVE-2017-18107 advisory advisory-released bugbounty csrf cvss-medium security xsrf
            David Black made changes -
            Labels Original: advisory advisory-to-release bugbounty csrf cvss-medium security xsrf New: advisory advisory-released bugbounty csrf cvss-medium security xsrf
            David Black made changes -
            Security Original: Atlassian Staff [ 10750 ]
            David Black made changes -
            Summary Original: Various resource of the Crowd Demo Application are vulnerable to CSRF New: Various resource in the Crowd Demo Application are vulnerable to CSRF
            David Black made changes -
            Summary Original: Various CSRF New: Various resource of the Crowd Demo Application are vulnerable to CSRF
            David Black made changes -
            Summary Original: Sanitised security issue fb2aacc4bd105f3a82641c9c5df3c893dd9d38d59c5c2bb9148d306d8044c70c New: Various CSRF
            David Black made changes -
            Description Original: Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. New: Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.

            David Black made changes -
            Description Original: Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allows remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. New: Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability.

              Assignee: Unassigned
              Reporter: Security Metrics Bot (security-metrics-bot)
              Affected customers: 0
              Watchers: 2