Reference and description

cves/2019/CVE-2019-11580.yaml

@@ -6,20 +6,20 @@ info:
   severity: critical
   tags: cve,cve2019,atlassian,rce
 
-  # Atlassian Crowd and Crowd Data Center
-  # had the pdkinstall development plugin incorrectly enabled in release builds.
-  # Attackers who can send unauthenticated or authenticated requests
-  # to a Crowd or Crowd Data Center instance can exploit this vulnerability
-  # to install arbitrary plugins, which permits remote code execution on
-  # systems running a vulnerable version of Crowd or Crowd Data Center.
-  # All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x),
-  # from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),
-  # from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x),
-  # from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x),
-  # and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
-  # -
-  # References:
-  # > https://github.com/jas502n/CVE-2019-11580
+  description: |
+    Atlassian Crowd and Crowd Data Center
+    had the pdkinstall development plugin incorrectly enabled in release builds.
+    Attackers who can send unauthenticated or authenticated requests
+    to a Crowd or Crowd Data Center instance can exploit this vulnerability
+    to install arbitrary plugins, which permits remote code execution on
+    systems running a vulnerable version of Crowd or Crowd Data Center.
+    All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x),
+    from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),
+    from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x),
+    from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x),
+    and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
+  reference:
+    - https://github.com/jas502n/CVE-2019-11580
 
 requests:
   - method: GET