Vulnerabilities > Atlassian > Crowd2 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-09 | CVE-2018-1000422 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Crowd2 An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. | 6.5 |