Known Vulnerabilities for Crowd by Atlassian
Listed below are 10 of the newest known vulnerabilities associated with "Crowd" by "Atlassian".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-31390 | Cross-Site Request Forgery (CSRF) vulnerability in bdoga Social Crowd social-crowd allows Stored XSS.This issue affects Socia... | Not Provided | 2025-04-09 | 2026-04-01 |
| CVE-2020-36240 | The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthentica... | 5.3 - MEDIUM | 2021-03-01 | 2021-07-21 |
| CVE-2019-20902 | Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before ver... | 7.5 - HIGH | 2020-10-01 | 2020-10-14 |
| CVE-2019-20104 | The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote atta... | 7.5 - HIGH | 2020-02-06 | 2022-01-01 |
| CVE-2019-15005 | The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate period... | 4.3 - MEDIUM | 2019-11-08 | 2019-11-14 |
| CVE-2019-11580 | Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers ... | 9.8 - CRITICAL | 2019-06-03 | 2022-04-19 |
| CVE-2018-20239 | Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.... | 5.4 - MEDIUM | 2019-04-30 | 2022-07-27 |
| CVE-2018-20238 | Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attac... | 8.1 - HIGH | 2019-02-13 | 2019-02-26 |
| CVE-2017-18106 | The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_... | 7.5 - HIGH | 2019-03-29 | 2019-04-01 |
| CVE-2017-18105 | The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote ... | 8.1 - HIGH | 2019-03-29 | 2019-04-01 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Atlassian | Crowd | 4.2.3 | All | All | All |
| Application | Atlassian | Crowd | 4.2.2 | All | All | All |
| Application | Atlassian | Crowd | 4.2.1 | All | All | All |
| Application | Atlassian | Crowd | 4.2.0 | All | All | All |
| Application | Atlassian | Crowd | 4.1.9 | All | All | All |
| Application | Atlassian | Crowd | 4.1.8 | All | All | All |
| Application | Atlassian | Crowd | 4.1.7 | All | All | All |
| Application | Atlassian | Crowd | 4.1.6 | All | All | All |
| Application | Atlassian | Crowd | 4.1.5 | All | All | All |
| Application | Atlassian | Crowd | 4.1.4 | All | All | All |
| Application | Atlassian | Crowd | 4.1.3 | All | All | All |
| Application | Atlassian | Crowd | 4.1.2 | All | All | All |
| Application | Atlassian | Crowd | 4.1.1 | All | All | All |
| Application | Atlassian | Crowd | 4.1.0 | All | All | All |
| Application | Atlassian | Crowd | 4.0.5 | All | All | All |
| Application | Atlassian | Crowd | 4.0.4 | All | All | All |
| Application | Atlassian | Crowd | 4.0.3 | All | All | All |
| Application | Atlassian | Crowd | 4.0.2 | All | All | All |
| Application | Atlassian | Crowd | 4.0.1 | All | All | All |
| Application | Atlassian | Crowd | 4.0.0 | All | All | All |