QID 730672

Atlassian Crowd is vulnerable to security misconfiguration vulnerability. All versions released after 3.0.0 are affected but only if both of the following conditions are met:
1. The vulnerability concerns only new installations of affected versions: if you upgraded from an earlier version, for example version 2.9.1, to version 3.0.0 or later, your instance is not affected.
2. An IP address has been added to the Remote Address configuration of the crowd application (which is none by default in versions after 3.0.0)

Affected Versions:
Crowd 3.0.0 - Crowd 3.7.2
Crowd 4.0.0 - Crowd 4.4.3
Crowd 5.0.0 - Crowd 5.0.2

QID Detection Logic (Unauthenticated):
This QID checks for vulnerable version of Atlassian Crowd by sending an HTTP GET request to login.action endpoint.

Note: QID is kept potential because only new installations of Atlassian Crowd are vulnerable, if you upgraded from earlier version, you're not affected.

The vulnerability allows an attacker connecting from IP in the allow list to authenticate as the crowd application through bypassing a password check. This would allow the attacker to call privileged endpoints in Crowd's REST API under the usermanagement path.