Filtered by vendor Atlassian
Subscriptions
Filtered by product Crowd
Subscriptions
Total
23 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-18109 | 1 Atlassian | 1 Crowd | 2019-04-01 | N/A |
The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | ||||
CVE-2018-20238 | 1 Atlassian | 1 Crowd | 2019-02-26 | N/A |
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability. | ||||
CVE-2016-6496 | 1 Atlassian | 1 Crowd | 2018-10-09 | N/A |
The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. |