Atlassian Crowd CVE-2018-20238 Authentication Bypass Vulnerability
BID:107036
CVE-2018-20238 |Info
Atlassian Crowd CVE-2018-20238 Authentication Bypass Vulnerability
| Bugtraq ID: | 107036 |
| Class: | Design Error |
| CVE: |
CVE-2018-20238 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 12 2019 12:00AM |
| Updated: | Feb 12 2019 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Atlassian Crowd 3.3.3 Atlassian Crowd 3.3.1 Atlassian Crowd 3.3 Atlassian Crowd 3.2.6 Atlassian Crowd 3.2.5 Atlassian Crowd 3.2.4 Atlassian Crowd 3.2.3 Atlassian Crowd 3.2.1 Atlassian Crowd 3.2 |
| Not Vulnerable: |
Atlassian Crowd 3.4 Atlassian Crowd 3.3.4 Atlassian Crowd 3.2.7 |
Discussion
Atlassian Crowd CVE-2018-20238 Authentication Bypass Vulnerability
Atlassian Crowd is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.
Atlassian Crowd version prior to 3.2.7 and from version 3.3.0 prior to 3.3.4 are vulnerable.
Atlassian Crowd is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.
Atlassian Crowd version prior to 3.2.7 and from version 3.3.0 prior to 3.3.4 are vulnerable.
Exploit / POC
Atlassian Crowd CVE-2018-20238 Authentication Bypass Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Atlassian Crowd CVE-2018-20238 Authentication Bypass Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Atlassian Crowd CVE-2018-20238 Authentication Bypass Vulnerability
References:
References: