-
Bug
-
Resolution: Fixed
-
Medium
-
3.5
-
NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.
LDAP directory credentials can be found when viewing the source of /plugins/servlet/embedded-crowd/configure/delegatingldap/. It is possible for an attacker to obtain these credentials using either cross site scripting or after gaining administrative access. These details can then be used to extend their access on the current or additional machines on the network.
- is related to
-
JRASERVER-29656 LDAP Username and Password Disclosure - Embedded Crowd
- Closed
- was cloned as
-
CONFCLOUD-36047 LDAP Username and Password Disclosure - Embedded Crowd
- Closed