crowd2 (atlassian) — Vulnerabilities

Signals

Monitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real timeMonitoring NVD, CISA KEV, EPSS and the Dragons Community ransomware tracker in near-real time

Vendors · atlassian · crowd2

crowd2

· 2 CVEsatlassian · 2 known vulnerabilities

Total

Critical

High

Medium

CISA KEV

CVE-2018-1000423

Jan 9, 2019

An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2.

CVE-2018-1000422

Jan 9, 2019

An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings.

All atlassian products All Vendors CVE Database KEV Catalog