The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vulnerability.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/CWD-5526 | Vendor Advisory |
https://zeroauth.ltd/blog/2020/02/07/cve-2019-20104-atlassian-crowd-openid-client-vulnerable-to-remote-dos-via-xml-entity-expansion/ | Exploit Technical Description |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2020-02-05T00:00:00
Updated: 2020-02-10T16:41:55
Reserved: 2019-12-30T00:00:00
Link: CVE-2019-20104
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-02-06T03:15:10.123
Modified: 2022-01-01T19:56:39.010
Link: CVE-2019-20104
JSON object: View
Redhat Information
No data.
CWE