Описание
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.2 (исключая)Версия от 3.1.0 (включая) до 3.1.1 (исключая)
Одно из
cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00509
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-384
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.
EPSS
Процентиль: 66%
0.00509
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-384