CVE Database · CVE-2018-20238
CVSS v3.1
N/A
EPSS
1.51%
Published
Feb 13, 2019
Modified
Nov 21, 2024
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability.
Weaknesses (CWE)
Affected Products (2)
References (4)
