Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-29656

LDAP Username and Password Disclosure - Embedded Crowd

XMLWordPrintable

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      LDAP directory credentials can be found when viewing the source of /plugins/servlet/embedded-crowd/configure/delegatingldap/. It is possible for an attacker to obtain these credentials using either cross site scripting or after gaining administrative access. These details can then be used to extend their access on the current or additional machines on the network.

        1. ldap-disclosure.jpg
          45 kB

            ohernandez@atlassian.com Oswaldo Hernandez (Inactive)
            62bfdf5269c6 highjack
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: