Vulnerabilities > CVE-2019-20902 - Unspecified vulnerability in Atlassian Crowd

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
atlassian
NVD
Published: 2020-10-01
Updated: 2020-10-14

Summary

Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.

Vulnerable Configurations

Part Description Count
Application
Atlassian
182

References