Reference and description
parent
91c1b3d047
commit
80b4647f7c
|
@ -6,20 +6,20 @@ info:
|
|||
severity: critical
|
||||
tags: cve,cve2019,atlassian,rce
|
||||
|
||||
# Atlassian Crowd and Crowd Data Center
|
||||
# had the pdkinstall development plugin incorrectly enabled in release builds.
|
||||
# Attackers who can send unauthenticated or authenticated requests
|
||||
# to a Crowd or Crowd Data Center instance can exploit this vulnerability
|
||||
# to install arbitrary plugins, which permits remote code execution on
|
||||
# systems running a vulnerable version of Crowd or Crowd Data Center.
|
||||
# All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x),
|
||||
# from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),
|
||||
# from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x),
|
||||
# from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x),
|
||||
# and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
|
||||
# -
|
||||
# References:
|
||||
# > https://github.com/jas502n/CVE-2019-11580
|
||||
description: |
|
||||
Atlassian Crowd and Crowd Data Center
|
||||
had the pdkinstall development plugin incorrectly enabled in release builds.
|
||||
Attackers who can send unauthenticated or authenticated requests
|
||||
to a Crowd or Crowd Data Center instance can exploit this vulnerability
|
||||
to install arbitrary plugins, which permits remote code execution on
|
||||
systems running a vulnerable version of Crowd or Crowd Data Center.
|
||||
All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x),
|
||||
from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),
|
||||
from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x),
|
||||
from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x),
|
||||
and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
|
||||
reference:
|
||||
- https://github.com/jas502n/CVE-2019-11580
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
Loading…
Reference in New Issue