Vulnerabilities > Atlassian > Crowd2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-09 | CVE-2018-1000423 | Insufficiently Protected Credentials vulnerability in Atlassian Crowd2 An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2. | 7.8 |
| 2019-01-09 | CVE-2018-1000422 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Crowd2 An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. | 6.5 |