CVE-2017-18106

CVE Database · CVE-2017-18106

CVE-2017-18106

· N/AModified

CVSS v3.1

N/A

EPSS

1.26%

Published

Mar 29, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash.

Weaknesses (CWE)

CWE-287

Affected Products (1)

atlassian · crowd (up to 2.9.1)vulnerable

References (2)

https://jira.atlassian.com/browse/CWD-5061

Issue TrackingVendor Advisory

https://jira.atlassian.com/browse/CWD-5061

Issue TrackingVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs