CVE-2017-18110

CVE Database · CVE-2017-18110

CVE-2017-18110

· N/AModified

CVSS v3.1

N/A

EPSS

1.23%

Published

Mar 29, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability.

Weaknesses (CWE)

CWE-611

Affected Products (2)

atlassian · crowd (up to 3.0.2)vulnerable

atlassian · crowdvulnerable

References (2)

https://jira.atlassian.com/browse/CWD-5070

Issue TrackingVendor Advisory

https://jira.atlassian.com/browse/CWD-5070

Issue TrackingVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs