Crowd Data Center / CWD-6187

Upgrade Tomcat to fix CVE-2023-46589


      Issue Summary

      This is reproducible on Data Center: 

      Apache Tomcat should be upgraded to 8.5.96 or later, or to 9.0.83 or later, to fix CVE-2023-46589.

      Environment

      • Crowd 5.2.x
      • Crowd 5.2.x comes with Apache Tomcat 9.0.82 (which is affected by the CVE)

      Steps to Reproduce

      • Check the Apache Tomcat version 

      Expected Results

      • Crowd 5.2.x: Apache Tomcat version 9.0.83 and later

      Actual Results

      • Apache Tomcat version 9.0.82 and earlier
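
One way to script the version check from the steps above, as an added example that is not part of the original issue or Atlassian's tooling. It compares a Tomcat version against the two fixed releases named in this issue (8.5.96 and 9.0.83); the function names and the sample output are constructed for illustration, and other release lines are reported as unknown because the issue does not cover them.

```shell
#!/bin/sh
# Added example. Fixed releases are the ones named in this issue:
# 8.5.96 for the 8.5 line and 9.0.83 for the 9.0 line.

# Constructed sample of Tomcat's bin/version.sh output (not a real capture).
SAMPLE_VERSION_OUTPUT='Server version: Apache Tomcat/9.0.82
Server number:  9.0.82.0
JVM Vendor:     (constructed)'

# Read version.sh-style output on stdin, print "major.minor.patch".
tomcat_version_from_output() {
    sed -n 's/^Server number:[[:space:]]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Print "fixed", "affected" (older than the fixed release of its line)
# or "unknown" (unparseable, or a release line this issue does not cover).
tomcat_cve_2023_46589_status() {
    version=$1
    case $version in
        ''|*[!0-9.]*|.*|*..*|*.) echo unknown; return 0 ;;
        *.*.*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${version%%.*}
    rest=${version#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%.*}      # drop a fourth component such as the ".0" in 9.0.82.0
    case "$major.$minor" in
        8.5) fixed_patch=96 ;;
        9.0) fixed_patch=83 ;;
        *) echo unknown; return 0 ;;
    esac
    if [ "$patch" -ge "$fixed_patch" ]; then echo fixed; else echo affected; fi
}

# Combine both steps: version.sh output on stdin -> "<version> <status>".
check_tomcat() {
    found=$(tomcat_version_from_output)
    echo "${found:-unknown} $(tomcat_cve_2023_46589_status "$found")"
}

printf '%s\n' "$SAMPLE_VERSION_OUTPUT" | check_tomcat
```

To check a real installation, pipe the output of Tomcat's `bin/version.sh` into `check_tomcat`; that the Tomcat bundled with Crowd ships this script is an assumption.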

      Workaround

      To mitigate the issue, it is possible to manually upgrade Apache Tomcat by following a process similar to the one described in the KB articles below. Please note that this will place the application in an unsupported state:

      WARNING: Unless still reproducible on official releases, Atlassian Support may refuse support requests for Crowd running over unofficial Tomcat versions.

              Suat Kandiş