CVE-2022-43782

Description from NVD

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the {{usermanagement}} path. This vulnerability can only be exploited by IPs specified under the crowd application allowlist in the Remote Addresses configuration, which is {{none}} by default. The affected versions are all versions 3.x.x, versions 4.x.x before version 4.4.4, and versions 5.x.x before 5.0.3.

Information Acquisition Date: 2022-11-19T14:59Z
CVSS 2.0: 0.0 None
CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://jira.atlassian.com/browse/CWD-5888
     source: MISC
     tags: Issue Tracking, Patch, Vendor Advisory

Software Tag: iOS (1 tweet)



List of frequently cited URLs

URL | Num of Times Referred to
https://cvetrends.com | 51
https://thehackernews.com/2022/11/atlassian-releases-patche... | 11

GitHub Search Results: Up to 10
Name | URL
No Data

2022/11/26 Score : 1
Added Har-sia Database : 2022/11/17
Last Modified : 2022/11/26
Highest Scored Date : 2022/11/19
Highest Score : 20