Application security - software vulnerabilities - Atlassian - Crowd Vulnerability Summary

CVE-2019-11580

Date
2019

类型
RCE

影响范围
Atlassian Crowd 3.4.3
Atlassian Crowd 3.4
Atlassian Crowd 3.3.4
Atlassian Crowd 3.3.3
Atlassian Crowd 3.3.1
Atlassian Crowd 3.3
Atlassian Crowd 3.2.1 - 3.2.7
Atlassian Crowd 3.2
Atlassian Crowd 3.1.5
Atlassian Crowd 3.1
Atlassian Crowd 3.0.4
Atlassian Crowd 2.11.1
Atlassian Crowd 2.11
Atlassian Crowd 2.10.3
Atlassian Crowd 2.10.1
Atlassian Crowd 2.9.7
Atlassian Crowd 2.9.1 - 2.9.5
Atlassian Crowd 2.9
Atlassian Crowd 2.8.8
Atlassian Crowd 2.8.3
Atlassian Crowd 2.7
Atlassian Crowd 2.6.0 - 2.6.3
Atlassian Crowd 2.5.3 - 2.5.4
Atlassian Crowd 2.5.0 - 2.5.2
Atlassian Crowd 2.4.9
Atlassian Crowd 2.4.1
Atlassian Crowd 2.4
Atlassian Crowd 2.3.6 - 2.3.8
Atlassian Crowd 2.3.1 - 2.3.4
Atlassian Crowd 2.2.9
Atlassian Crowd 2.2.7
Atlassian Crowd 2.2.4
Atlassian Crowd 2.2.2
Atlassian Crowd 2.1.1 - 2.1.2
Atlassian Crowd 2.1

 

CVE-2018-20238

 

DATE
 2018 

Type 
Authentication Bypass scope of 
Atlassian Crowd 

3.2 before .7 version and 3. the 3 a .0 version of to 3. 3 security vulnerabilities in previous versions .4

 

CVE-2017-18107

DATE
 2017 

types of vulnerabilities
 XSS - high risk 

sphere of influence
 <Atlassian Crowd 3.1 . 1

 

CVE-2017-18110

DATE
 2017 

Type 
XXE scope of 
Atlassian Crowd 

3.0 version and .2 3. Before 1 security vulnerability in version 0.01

 

CVE-2017-18108

DATE
 2017 

vulnerability type 
code injection scope


 <Atlassian Crowd 2.10 previous version .2

 

CVE-2017-18106

DATE
 2017 

type 
session hijacking scope


 <Atlassian Crowd 2.9 . . 1

 

CVE-2017-18105

DATE
 2017 

type 
session fixation scope 
Atlassian Crowd 

3.0 versions and 3. .2 before a security vulnerability in version 0.01

 

CVE-2017-18109

DATE
 2017 

type 
input validation error vulnerability scope 
Atlassian Crowd 

3.0 previous versions .2 and 3. the . 1 version in .0

 

CVE-2017-16858

DATE
 2017 

Type 
Crowd - file application plug-in module user forgery vulnerability scope 
Atlassian Crowd 

for 1.5 .0 version to 3. . 1 .2 version (not including 3. . 1 .2 version)

 

CVE-2016-10740

DATE
 2016 

type 
remote directory password vulnerability scope of 
Atlassian Crowd 

2.10 security vulnerability in versions prior to .1

 

CVE-2016-6496

Date
2016

类型
LADP注入导致RCE

影响范围
Atlassian Crowd 2.6.3
Atlassian Crowd 2.3.8
Atlassian Crowd 2.3.9
Atlassian Crowd 1.5.3
Atlassian Crowd 1.5.2
Atlassian Crowd 1.5.1
Atlassian Crowd 1.4.8
Atlassian Crowd 1.4.7
Atlassian Crowd 1.4.4
Atlassian Crowd 1.4.3
Atlassian Crowd 1.4.2
Atlassian Crowd 1.4
Atlassian Crowd 2.9.4
Atlassian Crowd 2.9.3
Atlassian Crowd 2.9.2
Atlassian Crowd 2.9.1
Atlassian Crowd 2.9
Atlassian Crowd 2.6.2
Atlassian Crowd 2.5.4
Atlassian Crowd 2.5.3
Atlassian Crowd 2.4.9
Atlassian Crowd 2.7
Atlassian Crowd 2.6.1
Atlassian Crowd 2.6.0
Atlassian Crowd 2.5.2
Atlassian Crowd 2.5.1
Atlassian Crowd 2.5.0
Atlassian Crowd 2.4.2
Atlassian Crowd 2.4.1
Atlassian Crowd 2.3.7
Atlassian Crowd 2.3.6
Atlassian Crowd 2.3.4
Atlassian Crowd 2.3.3
Atlassian Crowd 2.3.2
Atlassian Crowd 2.3.1
Atlassian Crowd 2.2.9
Atlassian Crowd 2.2.7
Atlassian Crowd 2.2.4
Atlassian Crowd 2.2.2
Atlassian Crowd 2.1.2
Atlassian Crowd 2.1.1
Atlassian Crowd 2.0.9
Atlassian Crowd 2.0.7
Atlassian Crowd 2.0.6
Atlassian Crowd 2.0.5
Atlassian Crowd 2.0.4
Atlassian Crowd 2.0.3
Atlassian Crowd 2.0.2
Atlassian Crowd 2.0.1
Atlassian Crowd 1.6.3
Atlassian Crowd 1.6.1
Atlassian Crowd 1.6

 

CVE-2013-3926

DATE
 , 2013 

type 
present Atlassian Crowd backdoor, allowing any server Crowd remote control, and damage to the system applications and data scope


 <Atlassian Crowd 2.6 . . 3

 

CVE-2013-3925

DATE
 , 2013 

type 
XML external entities referenced arbitrary file read vulnerability scope 
Atlassian Crowd 

2.5 .x 
Atlassian Crowd 2.6 .x 
Atlassian Crowd 2.3 . . 8 
Atlassian Crowd 2.3 . . 9