
Various resources in the Crowd Demo Application are vulnerable to CSRF - CVE-2017-18107

Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.

[CWD-5091] Various resources in the Crowd Demo Application are vulnerable to CSRF - CVE-2017-18107

Security Metrics Bot added a comment:

This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 6.1 => Medium severity

Exploitability Metrics
  Attack Vector: Network
  Attack Complexity: High
  Privileges Required: None
  User Interaction: Required

Scope Metric
  Scope: Changed

Impact Metrics
  Confidentiality: None
  Integrity: High
  Availability: None
