Описание
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.2.7 (исключая)Версия от 3.3.0 (включая) до 3.3.4 (исключая)
Одно из
cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00205
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-384
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.
EPSS
Процентиль: 42%
0.00205
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-384