The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/CWD-5061 | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2019-03-04T00:00:00
Updated: 2019-03-29T14:04:53
Reserved: 2018-02-01T00:00:00
Link: CVE-2017-18106
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-03-29T14:29:00.313
Modified: 2019-04-01T14:06:34.390
Link: CVE-2017-18106
JSON object: View
Redhat Information
No data.
CWE