Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-5361

Insufficient Session Expiration of user sessions - CVE-2018-20238

XMLWordPrintable

      Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.

            [CWD-5361] Insufficient Session Expiration of user sessions - CVE-2018-20238

            Security Metrics Bot added a comment -

            This is an independent assessment and you should evaluate its applicability to your own IT environment.
            CVSS v3 score: 8.1 => High severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity Low
            Privileges Required Low
            User Interaction None

            Scope Metric

            Scope Unchanged

            Impact Metrics

            Confidentiality High
            Integrity High
            Availability None

            https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

            Security Metrics Bot added a comment - This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 8.1 => High severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required Low User Interaction None Scope Metric Scope Unchanged Impact Metrics Confidentiality High Integrity High Availability None https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: