Upgrade Tomcat to fix CVE-2023-46589

XMLWordPrintable

    • 4
    • Severity 3 - Minor

      Issue Summary

      This is reproducible on Data Center: 

      Apache Tomcat should be upgraded to 8.5.96 and later or 9.0.83 or a later version to fix CVE-2023-46589

      Environment

      • Crowd 5.2.x
      • Crowd 5.2.x comes with Apache 9.0.82  (which is affected by the CVE)

      Steps to Reproduce

      • Check the Apache Tomcat version 

      Expected Results

      • Crowd 5.2.x: Apache Tomcat version 9.0.83 and later

      Actual Results

      • Apache Tomcat version 9.0.82 and earlier

      Workaround

      To mitigate the issue, it is possible to manually upgrade Apache Tomcat by following a process similar to the one described in the KB articles below but please note that this will place the application in an unsupported state:

      WARNING: Unless still reproducible on official releases, Atlassian Support may refuse support requests for Crowd running over unofficial Tomcat versions.

            Assignee:
            Unassigned
            Reporter:
            Suat Kandiş (Inactive)
            Votes:
            2 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: