Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 3.1.1
Affects Version/s: None
Component/s: None
Labels:
- CVE-2017-18107
- advisory
- advisory-released
- bugbounty
- csrf
- cvss-medium
- security
- xsrf

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and delete users & groups via a Cross-site request forgery (CSRF) vulnerability. Please be aware that the Demo application is not enabled by default.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Mar/2018 11:26 PM

Updated:: 27/Mar/2019 11:13 PM

Resolved:: 22/Mar/2018 11:57 PM