- Bug
- Resolution: Fixed
- High
- 3.2.0, 3.2.1, 3.2.3, 3.3.0, 3.2.4, 3.2.5, 3.3.1, 3.2.6, 3.3.3
- None
- Severity 2 - Major
Various REST resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.
[CWD-5361] Insufficient Session Expiration of user sessions - CVE-2018-20238
Labels | Original: CVE-2018-20238 advisory advisory-released security | New: CVE-2018-20238 advisory advisory-released basm insufficient-session-expiration security |
Workflow | Original: Simplified Crowd Development Workflow v2 - restricted [ 3100826 ] | New: JAC Bug Workflow v3 [ 3365948 ] |
Remote Link | New: This issue links to "Page (Confluence)" [ 416689 ] |
Labels | Original: advisory advisory-released security | New: CVE-2018-20238 advisory advisory-released security |
Summary | Original: Insufficient Session Expiration of user sessions | New: Insufficient Session Expiration of user sessions - CVE-2018-20238 |
Description | Original: Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired session via an insufficient session expiration vulnerability. | New: Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability. |
Labels | Original: advisory advisory-to-release security | New: advisory advisory-released security |
Security | Original: Atlassian Staff [ 10750 ] |
Fix Version/s | New: 3.4.0 [ 82291 ] |
Remote Link | New: This issue links to "KRAK-1774 (JIRA Server (Bulldog))" [ 411300 ] |